{"id":"CVE-2020-15471","details":"In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.","modified":"2026-04-11T12:40:08.372687Z","published":"2020-07-01T11:15:11.037Z","references":[{"type":"WEB","url":"https://github.com/fuzzing2026/CVE-PoCs/tree/main/ndpi-CVE-2020-15471"},{"type":"FIX","url":"https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ntop/ndpi","events":[{"introduced":"0"},{"last_affected":"a50169a7b3ec36c8d789191b014715126e820698"},{"fixed":"61066fb106efa6d3d95b67e47b662de208b2b622"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.2"}]}}],"versions":["1.6","1.7","1.8","3.2"],"database_specific":{"vanir_signatures_modified":"2026-04-11T12:40:08Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15471.json","vanir_signatures":[{"signature_version":"v1","signature_type":"Function","id":"CVE-2020-15471-5cfc4d7e","digest":{"function_hash":"181806958158329745930157317768529371896","length":11488},"deprecated":false,"source":"https://github.com/ntop/ndpi/commit/61066fb106efa6d3d95b67e47b662de208b2b622","target":{"function":"ndpi_parse_packet_line_info","file":"src/lib/ndpi_main.c"}},{"signature_version":"v1","signature_type":"Line","id":"CVE-2020-15471-badb0f9d","digest":{"line_hashes":["27901700851997172515899853370165295379","201610050532761011261637841589280118008","80379603526575391506941132032884059593","50134569437380941638251642742657898652","20593940236062609007268419019861085370","25491125043040938689397748663962085461","43300169664683112276481632117949646011","116790465653325931271902848782640801654","292373968204422757132337410372161935521","116648488447125457786506300196923545478","263346130739385710191968011865472873993","296391917667486469350417773925568048146","69134860993316747987146156508663424146","273655233034483769817041979511093976563","98989165444264782114102513971420824324","26532880767996807660972715931252760801","263346130739385710191968011865472873993","296391917667486469350417773925568048146","56886916354076258191347530811655578565","254063902930968828380407248845263613753","16801275324043133306943519013333034661","57642197206367785818596861158905087061","339276707551170325232584450257657301590","141579456440240617831143291024589989128","77765381044025788447971434169695599924","275554343259501276519339382234585602093","220103509617406826040508256826001067017","131887483327079209405820967543777450402","224732526485576017040445576995802432130","124924552320332925981374288075858764327","1237430623777699397437893196055406715"],"threshold":0.9},"deprecated":false,"source":"https://github.com/ntop/ndpi/commit/61066fb106efa6d3d95b67e47b662de208b2b622","target":{"file":"src/lib/ndpi_main.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}