CVE-2018-6948

Name of the Vulnerable Software and Affected Versions CCN-lite version 2

Description The issue arises in the ccnl prefix to str detailed function, which can cause a buffer overflow when writing a prefix to the buffer buf. The buffer size is defined as CCNL MAX PREFIX SIZE, but when NFN is enabled, additional characters such as "NFN" and "R2C" tags are written to the buffer, potentially causing an overflow. This can occur when sending an NFN-R2C packet with a prefix of size CCNL MAX PREFIX SIZE.

Recommendations For CCN-lite version 2, consider disabling NFN support to prevent the buffer overflow in the ccnl prefix to str detailed function until a patch is available. Restrict access to the ccnl prefix to str detailed function to minimize the risk of exploitation. Avoid using the buf buffer with NFN-R2C packets that have a prefix of size CCNL MAX PREFIX SIZE until the issue is resolved.