Vulnerabilities > CVE-2017-12412 - Infinite Loop vulnerability in Ccn-Lite

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

ccn-lite

CWE-835

NVD

Published: 2018-02-07

Updated: 2019-10-03

Summary

ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow.

Vulnerable Configurations

Part	Description	Count
Application	Ccn-Lite CCN Lite CCN Lite 0.1.0 CCN Lite CCN Lite 0.2.0 CCN Lite CCN Lite 0.3.0 CCN Lite CCN Lite 0.3.1	4

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0
https://github.com/cn-uofbasel/ccn-lite/issues/128