Mfrey

**Name of the Vulnerable Software and Affected Versions** CCN-lite version 2.0.0 Beta **Description** The issue allows remote attackers to cause a denial of service or possibly have other unspecified impacts. This is due to the `ccnl ndntlv prependBlob` function in `ccnl-pkt-ndntlv.c` being called with incorrect arguments, specifically an incorrect integer data type that can result in a negative third argument when processing crafted TLV data with inconsistent length information. **Recommendations** For CCN-lite version 2.0.0 Beta, ensure that the `ccnl ndntlv prependBlob` function is called with correct arguments to prevent the denial of service or other potential impacts. As a temporary workaround, consider validating the TLV data for consistent length information before processing it with the `ccnl ndntlv prependBlob` function.

**Name of the Vulnerable Software and Affected Versions** CCN-lite version 2 **Description** A type confusion issue was discovered, leading to a memory access violation and a failure of the nonce feature, which is used for loop prevention. The `ccnl fwd handleInterest` function assumes a specific type for the union member `s`, but if the type is different, the memory is either uninitialised or points to incorrect data, rendering the nonce check insufficient. **Recommendations** For CCN-lite version 2, consider modifying the `ccnl fwd handleInterest` function to correctly handle different types for the union member `s`, ensuring that the memory access is valid and the nonce feature functions as intended.