CVE-2020-15473

Description

In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.

How to fix CVE-2020-15473

To remediate CVE-2020-15473, upgrade the affected package to a fixed version below.

• Debian/ndpi—upgrade to 3.4-1 or later

Is CVE-2020-15473 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 3.4-1

CVSS scores

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2020-15473