Vulnerabilities > CVE-2017-7458 - NULL Pointer Dereference vulnerability in Ntop Ntopng

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

ntop

CWE-476

NVD

Published: 2017-06-26

Updated: 2017-06-29

Summary

The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.

Vulnerable Configurations

Part	Description	Count
Application	Ntop Ntop Ntopng 1.1 Ntop Ntopng 1.2.0 Ntop Ntopng 1.2.1 Ntop Ntopng 2.0.151021 Ntop Ntopng 2.4	5

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md
https://github.com/ntop/ntopng/commit/01f47e04fd7c8d54399c9e465f823f0017069f8f