CVE-2020-11939

Name of the Vulnerable Software and Affected Versions nDPI versions 3.2 Stable and earlier

Description The SSH protocol dissector in nDPI has multiple KEXINIT integer overflows, resulting in a controlled remote heap overflow in concat hash string in ssh.c. This issue can be exploited to achieve full Remote Code Execution against any network inspection stack linked against nDPI that uses it for network traffic analysis.

Recommendations For nDPI versions 3.2 Stable and earlier, consider disabling the SSH protocol dissector as a temporary workaround until a patch is available. Restrict access to the ssh.c module to minimize the risk of exploitation. Avoid using the concat hash string function in the affected SSH protocol dissector until the issue is resolved.