PT-2018-17575 · Ccn-Lite · Ccn-Lite

Mfrey

Published

2018-01-31

Updated

2018-02-21

CVE-2018-6480

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CCN-lite version 2

Description A type confusion issue was discovered, leading to a memory access violation and a failure of the nonce feature, which is used for loop prevention. The ccnl fwd handleInterest function assumes a specific type for the union member s, but if the type is different, the memory is either uninitialised or points to incorrect data, rendering the nonce check insufficient.

Recommendations For CCN-lite version 2, consider modifying the ccnl fwd handleInterest function to correctly handle different types for the union member s, ensuring that the memory access is valid and the nonce feature functions as intended.

Fix

Incorrect Type Conversion or Cast

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-704

Related Identifiers

CVE-2018-6480

Affected Products

Ccn-Lite

PT-2018-17575 · Ccn-Lite · Ccn-Lite

CVE-2018-6480

Weakness Enumeration

Related Identifiers

Affected Products

References · 3