Vulnerabilities > CCN Lite

DATE CVE VULNERABILITY TITLE RISK
2018-02-07 CVE-2017-12467 Missing Release of Resource after Effective Lifetime vulnerability in Ccn-Lite
Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member.
network
low complexity
ccn-lite CWE-772
5.0
2018-02-07 CVE-2017-12466 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ccn-Lite
CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access.
network
low complexity
ccn-lite CWE-119
7.5
2018-02-07 CVE-2017-12465 Integer Overflow or Wraparound vulnerability in Ccn-Lite
Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function.
network
low complexity
ccn-lite CWE-190
7.5
2018-02-07 CVE-2017-12464 NULL Pointer Dereference vulnerability in Ccn-Lite
ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable.
network
low complexity
ccn-lite CWE-476
5.0
2018-02-07 CVE-2017-12463 Missing Release of Resource after Effective Lifetime vulnerability in Ccn-Lite
Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) via vectors involving an envelope_s structure pointer when the packet format is unknown.
network
low complexity
ccn-lite CWE-772
5.0
2018-02-07 CVE-2017-12412 Infinite Loop vulnerability in Ccn-Lite
ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow.
network
ccn-lite CWE-835
6.8
2018-01-31 CVE-2018-6480 Incorrect Type Conversion or Cast vulnerability in Ccn-Lite 2.0.0
A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention).
network
ccn-lite CWE-704
6.8