Lucene search

MitreCVE-2017-7458

HistoryJun 26, 2017 - 11:29 p.m.

CVE-2017-7458

2017-06-2623:29:00

CWE-476

mitre

web.nvd.nist.gov

cve-2017-7458

networkinterface

gethost

networkinterface.cpp

ntopng

denial of service

null pointer dereference

application crash

remote attackers

hostname

ip address

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

55.7%

JSON

The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.

Affected configurations

Nvd

Node

ntopntopngRange≤2.4

VendorProductVersionCPE
ntopntopng*cpe:2.3:a:ntop:ntopng:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ntop	ntopng	*	cpe:2.3:a:ntop:ntopng::::::::

References

github.com/ntop/ntopng/blob/3.0/CHANGELOG.md

github.com/ntop/ntopng/commit/01f47e04fd7c8d54399c9e465f823f0017069f8f

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

55.7%

JSON

Related for CVE-2017-7458