CVE-2020-11940

Name of the Vulnerable Software and Affected Versions nDPI versions 3.2 Stable and earlier

Description The issue allows a network-positioned attacker to exploit an out-of-bounds read in concat hash string in ssh.c by sending malformed SSH protocol messages on a network segment monitored by nDPI's library.

Recommendations For nDPI versions 3.2 Stable and earlier, consider restricting access to the ssh.c module to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the concat hash string function in the affected ssh.c file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.