CVE-2020-15472

Name of the Vulnerable Software and Affected Versions nDPI versions 3.2 and earlier

Description The issue is related to a heap-based buffer over-read in the H.323 dissector, specifically in the ndpi search h323 function located in lib/protocols/h323.c. This occurs when a payload packet length is too short.

Recommendations For nDPI versions 3.2 and earlier, consider disabling the H.323 dissector as a temporary workaround until a patch is available. Restrict access to the ndpi search h323 function in lib/protocols/h323.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.