CVE-2020-15471

In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based
buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.

CVE-2020-15472

In nDPI through 3.2, there is a stack overflow in extractRDNSequence in
lib/protocols/tls.c.

CVE-2020-15473

In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based
buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.

CVE-2020-15474

In nDPI through 3.2, there is a stack overflow in extractRDNSequence in
lib/protocols/tls.c.

CVE-2020-15475

In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits
certain reinitialization, leading to a use-after-free.

CVE-2020-15476

In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer
over-read in ndpi_search_oracle in lib/protocols/oracle.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15471
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15472
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15473
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15474
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15475
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15476
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15471.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15472.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15473.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15474.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15475.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15476.html