Vulnerabilities > CVE-2018-12889 - Out-of-bounds Write vulnerability in Ccn-Lite 2.0.1

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ccn-lite

CWE-787

critical

NVD

Published: 2018-06-26

Updated: 2020-08-24

Summary

An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c.

Vulnerable Configurations

Part	Description	Count
Application	Ccn-Lite CCN Lite CCN Lite 2.0.1	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/cn-uofbasel/ccn-lite/issues/279