Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-6948

EPSS 0.44% · P63
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-6948

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNL_MAX_PREFIX_SIZE; the buffer has the size CCNL_MAX_PREFIX_SIZE. However, when NFN is enabled, additional characters are written to the buffer (e.g., the "NFN" and "R2C" tags). Therefore, sending an NFN-R2C packet with a prefix of size CCNL_MAX_PREFIX_SIZE can cause an overflow of buf inside ccnl_prefix_to_str_detailed.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
CCN-lite 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CCN-lite是CCN-lite项目的一个轻量级CCNx(内容中心网络协议)的实现。 CCN-lite 2版本中的‘ccnl_prefix_to_str_detailed’函数存在缓冲区溢出漏洞,该漏洞源于程序没有正确的执行边界检测。远程攻击者可通过发送特制的NFN-R2C数据包利用该漏洞在系统上执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2018-6948

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-6948

登录查看更多情报信息。

Same Patch Batch · n/a · 2018-02-13 · 19 CVEs total

CVE-2017-18186QPDF 资源管理错误漏洞
CVE-2018-6942FreeType 2 安全漏洞
CVE-2018-6930ImageMagick 缓冲区错误漏洞
CVE-2018-6911Advantech WebAccess 操作系统命令注入漏洞
CVE-2018-0488ARM mbed TLS 缓冲区错误漏洞
CVE-2018-0487ARM mbed TLS 缓冲区错误漏洞
CVE-2018-6928PHP Scripts Mall News Website Script SQL注入漏洞
CVE-2018-6952GNU patch 安全漏洞
CVE-2018-6951GNU patch 安全漏洞
CVE-2018-5459WAGO PFC200 Series 3S CoDeSys Runtime 授权问题漏洞
CVE-2017-18185QPDF 缓冲区错误漏洞
CVE-2017-18184QPDF 缓冲区错误漏洞
CVE-2017-18183QPDF 资源管理错误漏洞
CVE-2016-10713GNU patch 缓冲区错误漏洞
CVE-2015-9252QPDF 资源管理错误漏洞
CVE-2018-6954systemd 权限许可和访问控制问题漏洞
CVE-2018-6953CCN-lite NDNTLV解析器缓冲区错误漏洞
CVE-2018-6910DedeCMS 信息泄露漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2018-6948

No comments yet

Leave a comment