CVE-2020-15471

9.1 CRITICAL (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

📋 TL;DR

CVE-2020-15471 is a heap-based buffer over-read in nDPI's packet parsing code (ndpi_parse_packet_line_info in lib/ndpi_main.c, the helper that splits line-oriented payloads such as HTTP headers into lines). A crafted payload makes the inspecting process read past the end of a packet buffer, so traffic that merely crosses a monitored link can crash the monitor or pull adjacent heap bytes into the parsed result. nDPI versions through 3.2 are affected; network monitoring tools and security appliances that link the library inherit the bug.
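The bug class, shown as an added example: this is constructed code for this page, not nDPI's ndpi_parse_packet_line_info() or any ntop code, and the names hdr_line, parse_lines_vulnerable, parse_lines_safe and the string helpers are invented. It puts a line splitter that bounds its loop index but then peeks at the next byte unconditionally beside the bounded version; the sample request is constructed.

```c
/* Added illustration (constructed, not nDPI's code) of the bug class behind
 * CVE-2020-15471: a heap over-read in a line-oriented packet parser. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LINES 16

struct hdr_line {
    const uint8_t *ptr;   /* start of the line inside the payload buffer */
    uint16_t len;         /* bytes before the CRLF, or to the end of payload */
};

/* Vulnerable pattern: the loop bounds i, but the terminator test also reads
 * payload[i + 1]. When the last byte of the buffer is '\r' that read lands
 * one byte past the heap allocation. Kept only to show the defect. */
static int parse_lines_vulnerable(const uint8_t *payload, uint16_t payload_len,
                                  struct hdr_line *out, int max_lines)
{
    int n = 0;
    size_t start = 0;

    for (size_t i = 0; i < payload_len && n < max_lines; i++) {
        if (payload[i] == '\r' && payload[i + 1] == '\n') {  /* i + 1 unchecked */
            out[n].ptr = payload + start;
            out[n].len = (uint16_t)(i - start);
            n++;
            i++;                          /* skip the '\n' */
            start = i + 1;
        }
    }
    return n;
}

/* Hardened version: every index is compared against payload_len before the
 * byte is read, and an unterminated tail is returned as a partial line
 * instead of being scanned past the end of the buffer. */
static int parse_lines_safe(const uint8_t *payload, uint16_t payload_len,
                            struct hdr_line *out, int max_lines)
{
    int n = 0;
    size_t start = 0;

    for (size_t i = 0; i < payload_len && n < max_lines; i++) {
        if (payload[i] != '\r')
            continue;
        if (i + 1 >= payload_len)         /* lone '\r' as the last byte: stop */
            break;
        if (payload[i + 1] != '\n')
            continue;
        out[n].ptr = payload + start;
        out[n].len = (uint16_t)(i - start);
        n++;
        i++;
        start = i + 1;
    }
    if (start < payload_len && n < max_lines) {   /* trailing partial line */
        out[n].ptr = payload + start;
        out[n].len = (uint16_t)(payload_len - start);
        n++;
    }
    return n;
}

/* Copy a C string into an exactly-sized heap buffer (so an over-read is
 * visible under -fsanitize=address) and run the safe parser over it. */
static int parse_string_safe(const char *s, struct hdr_line *lines)
{
    size_t len = strlen(s);
    uint8_t *buf = malloc(len ? len : 1);
    int n;

    if (!buf)
        return -1;
    memcpy(buf, s, len);
    n = parse_lines_safe(buf, (uint16_t)len, lines, MAX_LINES);
    free(buf);                /* only lines[].len is used after this point */
    return n;
}

/* Number of lines the safe parser finds in s. */
static int count_lines_from_string(const char *s)
{
    struct hdr_line lines[MAX_LINES];
    return parse_string_safe(s, lines);
}

/* Length of the last line (partial or not); -1 when there are no lines. */
static int last_line_len_from_string(const char *s)
{
    struct hdr_line lines[MAX_LINES];
    int n = parse_string_safe(s, lines);
    return n > 0 ? (int)lines[n - 1].len : -1;
}

int main(void)
{
    /* Constructed sample: a request whose last header line has no CRLF. */
    const char *sample = "GET / HTTP/1.1\r\nHost: example.test\r\nX-Incomplete: yes";
    uint8_t wellformed[] = "a\r\nb\r\n";   /* every line terminated: no over-read */
    struct hdr_line lines[MAX_LINES];

    printf("safe parser: %d lines, last (partial) line is %d bytes\n",
           count_lines_from_string(sample), last_line_len_from_string(sample));
    printf("vulnerable parser on well-formed input: %d lines\n",
           parse_lines_vulnerable(wellformed, (uint16_t)(sizeof wellformed - 1),
                                  lines, MAX_LINES));
    return 0;
}
```

Build with cc -g -fsanitize=address and point main at parse_lines_vulnerable with a payload whose last byte is '\r' to watch ASan report a one-byte heap-buffer-overflow READ; that is the shape of defect the fix commit closes, not its exact code.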

💻 Affected Systems

Products:
  • nDPI
  • ntopng
  • PF_RING
  • other products using nDPI library
Versions: All versions through 3.2
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using nDPI for deep packet inspection is affected regardless of configuration

📦 What is this software?

nDPI is ntop's open-source deep packet inspection library (a fork of OpenDPI) that classifies flows by application protocol from packet contents. It is linked into ntop's own tools (ntopng, nProbe, PF_RING) and into many third-party monitoring and security products, which inherit its parsing bugs.

⚠️ Risk & Real-World Impact

🔴

Worst Case

A monitored flow under attacker control crashes the inspecting process (loss of visibility for everything else it watches) or leaks adjacent heap memory, which in a DPI engine can hold other flows' packet data. A buffer over-read does not write memory, so code execution is not on the table from this bug alone; the 9.1 score reflects high confidentiality and availability impact with no integrity impact.

🟠

Likely Case

Denial of service: the monitor (ntopng, nProbe, a custom libndpi consumer) dies on a crafted packet and stays down until restarted, or flaps under a supervisor. Disclosure of neighbouring heap bytes is possible but harder to turn into something useful.

🟢

If Mitigated

Limited impact: with the fix in place the read is bounded; if you cannot patch, a sandboxed, unprivileged, auto-restarting monitor turns the crash into a brief visibility gap. ASLR does not reduce the impact of an over-read.

🌐 Internet-Facing: MEDIUM - nDPI is passive: the attacker does not need to reach the monitoring host, only to get a crafted flow onto a link it watches, so any Internet-exposed service behind a monitored perimeter is a delivery path
🏢 Internal Only: MEDIUM - Monitors on internal SPAN/mirror ports or taps parse every internal flow, so any internal foothold can deliver the payload

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: Not confirmed; for the denial-of-service outcome a crashing input is all that is needed
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires getting a crafted payload onto a link that an nDPI-based monitor parses (inline, SPAN/mirror port or tap); the monitoring host itself need not be addressable by the attacker.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: any build containing fix commit 61066fb106efa6d3d95b67e47b662de208b2b622. nDPI's stable releases carry even minor numbers (3.0, 3.2, 3.4); the fix landed in the 3.3 development series, so 3.4 is the first stable release that includes it. A 3.3.x git build is fixed only if it contains the commit.

Vendor Advisory: https://github.com/ntop/nDPI/security/advisories

Restart Required: Yes

Instructions:

1. Update nDPI to a build containing the fix: 3.4 or later stable, or a 3.3 development build at or after commit 61066fb106efa6d3d95b67e47b662de208b2b622.
2. Rebuild or update every application that bundles or statically links nDPI; replacing the shared library alone does not fix those.
3. Restart affected services so the new library is loaded.
4. Verify: confirm the running version as described under "How to Verify" and, for a source build, that the fix commit is an ancestor of the revision you built (git's merge-base --is-ancestor answers that).

🔧 Temporary Workarounds

Network Segmentation

Platform: all

Restrict network access to systems using nDPI to trusted sources only

Disable nDPI Processing

Platform: linux

Temporarily disable nDPI deep packet inspection if not critical

# Configuration dependent - consult application documentation

🧯 If You Can't Patch

  • Keep monitoring hosts on a dedicated management network and restrict who can place traffic on monitored segments, while recognising that the monitor parses whatever crosses the link
  • Run the inspecting process as an unprivileged user, in a container or sandbox, under a supervisor that restarts it, so a crash is a short visibility gap rather than an outage
  • Keep ASLR and stack canaries on, but do not count them as a mitigation here: they address memory writes and control-flow hijack, not a heap over-read

🔍 How to Verify

Check if Vulnerable:

Determine which nDPI version each monitoring tool links. There is no `ndpi` binary; use the package manager, pkg-config (the library ships libndpi.pc), the ndpiReader sample tool, or the version string embedded in libndpi.so (what ndpi_revision() returns).

Check Version:

pkg-config --modversion libndpi
ndpiReader -h 2>&1 | head -n 3   (the banner names the library version)
strings /usr/lib/libndpi.so* | grep -E '^[0-9]+\.[0-9]+\.[0-9]+' (lists embedded version-like strings; the nDPI one may carry a -<commits>-<hash> suffix)

Verify Fix Applied:

Version 3.4 or later, or a 3.3 development build at or after commit 61066fb106efa6d3d95b67e47b662de208b2b622; a 3.3.x version number from a git build proves nothing on its own. After upgrading, restart every consumer and confirm the running process has the new library mapped (on Linux, /proc/PID/maps).
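The version check as an added example, not nDPI's or ntop's code: it classifies a version string against the affected range "through 3.2", treats the odd-numbered 3.3 development series as "needs a commit check" rather than "fixed", and can optionally ask the installed library itself. Assumptions: the pkg-config module name libndpi (from libndpi.pc), the header ndpi_api.h, the function char *ndpi_revision(void), and the git-suffixed sample strings, which are constructed.

```c
/* Added example (not nDPI code): classify the nDPI version a host actually
 * runs against the CVE-2020-15471 range "through 3.2".
 * Build with
 *   cc -DHAVE_LIBNDPI $(pkg-config --cflags --libs libndpi) ndpi_cve_check.c
 * to query the installed library (assumed: libndpi.pc, ndpi_api.h and
 * char *ndpi_revision(void)); without the define it runs on a sample string. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_LIBNDPI
#include <ndpi_api.h>
#endif

enum ndpi_cve_status {
    NDPI_STATUS_UNKNOWN = 0,   /* string did not parse as MAJOR.MINOR */
    NDPI_STATUS_AFFECTED,      /* <= 3.2: CVE-2020-15471 applies */
    NDPI_STATUS_DEV_3_3,       /* 3.3.x development build: fix landed in this
                                  series, so check git history for the commit */
    NDPI_STATUS_FIXED          /* 3.4 or later */
};

/* Parse "MAJOR.MINOR..."; anything after the minor number is ignored, so a
 * git-derived string like "3.3.0-2940-c8aec5e" (constructed sample) works.
 * Returns 0 on success, -1 when the string is not a version. */
static int ndpi_parse_version(const char *s, int *major, int *minor)
{
    char *end;
    long a, b;

    if (!s)
        return -1;
    a = strtol(s, &end, 10);
    if (end == s || *end != '.')
        return -1;
    s = end + 1;
    b = strtol(s, &end, 10);
    if (end == s || a < 0 || b < 0)
        return -1;
    *major = (int)a;
    *minor = (int)b;
    return 0;
}

static enum ndpi_cve_status ndpi_cve_2020_15471_status(const char *version)
{
    int major, minor;

    if (ndpi_parse_version(version, &major, &minor) != 0)
        return NDPI_STATUS_UNKNOWN;
    if (major < 3 || (major == 3 && minor <= 2))
        return NDPI_STATUS_AFFECTED;
    if (major == 3 && minor == 3)
        return NDPI_STATUS_DEV_3_3;
    return NDPI_STATUS_FIXED;
}

static const char *ndpi_status_text(enum ndpi_cve_status st)
{
    switch (st) {
    case NDPI_STATUS_AFFECTED: return "affected";
    case NDPI_STATUS_DEV_3_3:  return "3.3 development build: confirm the fix commit is present";
    case NDPI_STATUS_FIXED:    return "not affected";
    default:                   return "unknown version format";
    }
}

int main(void)
{
#ifdef HAVE_LIBNDPI
    const char *v = ndpi_revision();       /* what the linked library reports */
#else
    const char *v = "3.2.0";               /* constructed sample when not linked */
#endif
    enum ndpi_cve_status st = ndpi_cve_2020_15471_status(v);

    printf("nDPI %s: %s\n", v, ndpi_status_text(st));
    return st == NDPI_STATUS_FIXED ? 0 : 1;
}
```

Asking the library via ndpi_revision() rather than pkg-config catches the common failure where headers and .pc file were upgraded but the consumer still runs against an older .so; the DEV_3_3 verdict is deliberately not "fixed" because a 3.3.x git build may predate the commit.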

📡 Detection & Monitoring

Log Indicators:

  • Crashes of the nDPI consumer (ntopng, nProbe, ndpiReader or an in-house libndpi process), not of a process named "nDPI"
  • Segmentation faults on read: systemd logs "Main process exited, code=dumped, status=11/SEGV"; the kernel's "segfault at ... ip ... error 4" line indicates a read fault
  • Unexpected process termination or restart loops under a supervisor

Network Indicators:

  • Line-oriented payloads (HTTP and similar) with truncated or missing CRLF terminators on monitored links, especially ones that coincide in time with monitor crashes
  • Bursts of such flows aimed at many hosts behind one monitored segment, which suggests someone probing for the monitor rather than the hosts

SIEM Query:

process_name:(ntopng OR nprobe OR ndpiReader) AND (event_type:crash OR signal:SIGSEGV OR message:"code=dumped, status=11/SEGV")

Substitute the process names that link libndpi in your estate. The phrase "buffer over-read" only appears in sanitizer builds, never in production logs, so do not key on it.

🔗 References

  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2020-15471
  • Fix commit: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622
  • ntop security advisories: https://github.com/ntop/nDPI/security/advisories
