High severity7.5NVD Advisory· Published Apr 23, 2020· Updated Jun 17, 2026
CVE-2020-11940
CVE-2020-11940
Description
In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- nDPI/nDPIdescription
- osv-coords6 versionspkg:deb/ubuntu/ndpi?arch=src?distro=esm-apps/bionicpkg:deb/ubuntu/ndpi?arch=src?distro=esm-apps/xenialpkg:deb/ubuntu/ndpi?arch=src?distro=focalpkg:deb/ubuntu/ndpi?arch=src?distro=jammypkg:deb/ubuntu/ndpi?arch=src?distro=noblepkg:deb/ubuntu/ndpi?arch=src?distro=oracular
>= 0+ 5 more
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
Patches
Vulnerability mechanics
References
2- github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435nvdPatchThird Party Advisory
- securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpinvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.