{"id":"CVE-2020-15473","details":"In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.","modified":"2026-04-11T12:40:10.185216Z","published":"2020-07-01T11:15:11.210Z","references":[{"type":"WEB","url":"https://github.com/fuzzing2026/CVE-PoCs/tree/main/ndpi-CVE-2020-15473"},{"type":"FIX","url":"https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ntop/ndpi","events":[{"introduced":"0"},{"last_affected":"a50169a7b3ec36c8d789191b014715126e820698"},{"fixed":"8e7b1ea7a136cc4e4aa9880072ec2d69900a825e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.2"}]}}],"versions":["1.6","1.7","1.8","3.2"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/ntop/ndpi/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e","digest":{"length":2382,"function_hash":"192252261345396272412344169305656396433"},"deprecated":false,"signature_version":"v1","signature_type":"Function","id":"CVE-2020-15473-0661d5ee","target":{"function":"ndpi_search_openvpn","file":"src/lib/protocols/openvpn.c"}},{"source":"https://github.com/ntop/ndpi/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e","digest":{"threshold":0.9,"line_hashes":["120541696119223933075913659450354527370","291574511404004096364460413370479978363","277135394631348064905746891539103276691","50987767832657500127338003139207687758","36393570300279703069538533962963843037","152409335899280897507972788079563953896","335168058081815080882857844169875825173","113294838841681484773695623479244812417","169965962956931046423361976741765583348","317837890801947820382628720042642440151","338121551358467552327520757020570968128","70669103114444934518000202077995610527","30326971104187283346933887804447359161","2062728224824253269260167954796141785","319350985622125803101726583689326453245","131597740328840871757493343986462211324","80697796542899172623413062410339145446","267342591387490441666390608402358180499","325942190713103871535825490504713013379","96698853609062266468742917903020500894","330461421151444451450142019851367323122","15899165430019831694673766454984138790","22467603310793655981866145992380224274","120667697698960705885129134344962635587","304519610789160263424290571729351514058","63248312685781254840736882550544114379","321656176854153695677221051624026898210","195546295895083320889905048118503054998","50648610570859172646935547174876622232","335255706856479114057491399525074063379","34907101113343472740901720949816658763","11256847525392295769295159344473853379","195980097331043122637675209296159261250","172435098987748125442932524289166659554","256666685489292664881896619538931025935","235876042553149583996640987594619008576"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","id":"CVE-2020-15473-a50e24ff","target":{"file":"src/lib/protocols/openvpn.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15473.json","vanir_signatures_modified":"2026-04-11T12:40:10Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}