CVE-2020-15475

9.8 CRITICAL

📋 TL;DR

CVE-2020-15475 is a use-after-free vulnerability in nDPI's packet processing function ndpi_reset_packet_line_info. This allows attackers to potentially execute arbitrary code or cause denial of service by sending specially crafted network packets. Any system using vulnerable versions of nDPI for deep packet inspection is affected.

💻 Affected Systems

Products:
  • nDPI (ntop Deep Packet Inspection library)
Versions: All versions through 3.2
Operating Systems: All operating systems where nDPI is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or device using nDPI for packet inspection is vulnerable. This includes ntopng and other products that embed nDPI.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data exfiltration, or persistent backdoor installation.

🟠 Likely Case: Denial of service causing nDPI to crash, disrupting network monitoring and security functions.

🟢 If Mitigated: Limited impact if nDPI runs in isolated environments with proper memory protection mechanisms.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely by sending malicious packets to systems using nDPI.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they can send packets to vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted network packets to trigger the use-after-free condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 6a9f5e4f7c3fd5ddab3e6727b071904d76773952 and later versions

Vendor Advisory: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952

Restart Required: Yes

Instructions:

1. Update nDPI to a version that includes commit 6a9f5e4f7c3fd5ddab3e6727b071904d76773952.
2. Recompile any applications that link against nDPI.
3. Restart services using nDPI.

🔧 Temporary Workarounds

  • Network segmentation (applies to: all): Restrict network access to systems using nDPI to minimize attack surface.
  • Disable nDPI if not essential (applies to: all): Temporarily disable nDPI-based inspection if the functionality is not critical.

🧯 If You Can't Patch

  • Implement strict network filtering to limit packets reaching nDPI systems
  • Monitor for crashes or abnormal behavior in nDPI processes

🔍 How to Verify

Check if Vulnerable:

Check the nDPI version: if the version is ≤ 3.2, the system is vulnerable. A build from source is also vulnerable if it does not include commit 6a9f5e4f7c3fd5ddab3e6727b071904d76773952.

Check Version:

Check the nDPI source tree or the version of the compiled library. For ntopng, check the version in the web interface or configuration.

Verify Fix Applied:

Verify that the nDPI version is > 3.2, or that the build contains commit 6a9f5e4f7c3fd5ddab3e6727b071904d76773952.

📡 Detection & Monitoring

Log Indicators:

  • nDPI process crashes
  • Memory access violation errors in system logs
  • Abnormal termination of packet inspection services

Network Indicators:

  • Unusual packet patterns on network segments monitored by nDPI
  • Spike in malformed packets

SIEM Query:

(Process: nDPI OR Process: ndpi) AND (EventID: 1000 OR "segmentation fault" OR "access violation")
