High severity7.5NVD Advisory· Published Jul 1, 2020· Updated Jun 17, 2026
CVE-2020-15476
CVE-2020-15476
Description
In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.
Affected products
8- nDPI/nDPIdescription
- osv-coords6 versionspkg:deb/ubuntu/ndpi?arch=src?distro=esm-apps/bionicpkg:deb/ubuntu/ndpi?arch=src?distro=esm-apps/xenialpkg:deb/ubuntu/ndpi?arch=src?distro=focalpkg:deb/ubuntu/ndpi?arch=src?distro=jammypkg:deb/ubuntu/ndpi?arch=src?distro=noblepkg:deb/ubuntu/ndpi?arch=src?distro=oracular
>= 0+ 5 more
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
Patches
Vulnerability mechanics
References
4- github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05nvdPatchThird Party Advisory
- bugs.chromium.org/p/oss-fuzz/issues/detailnvdExploitPatchThird Party Advisory
- lists.debian.org/debian-lts-announce/2020/08/msg00052.htmlnvdIssue TrackingThird Party Advisory
- lists.debian.org/debian-lts-announce/2022/08/msg00016.htmlnvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.