{"id":"UBUNTU-CVE-2025-25066","details":"nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c.","modified":"2026-05-20T16:07:49.107153168Z","published":"2025-02-03T06:15:00Z","upstream":["CVE-2025-25066"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-25066"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2025-25066"},{"type":"REPORT","url":"https://github.com/ntop/nDPI/commit/678697b5eb6c3caa5dd5f8cccfe9eed8d13b94bb"}],"affected":[{"package":{"name":"ndpi","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/ndpi?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.5.0-1","1.6-1","1.7.1~git20151130.6f3d5a7-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libndpi-bin","binary_version":"1.7.1~git20151130.6f3d5a7-1"},{"binary_name":"libndpi3","binary_version":"1.7.1~git20151130.6f3d5a7-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-25066.json"}},{"package":{"name":"ndpi","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/ndpi?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8-1","2.2-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libndpi-bin","binary_version":"2.2-1"},{"binary_name":"libndpi-wireshark","binary_version":"2.2-1"},{"binary_name":"libndpi5","binary_version":"2.2-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-25066.json"}},{"package":{"name":"ndpi","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/ndpi?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.6-4","2.6-5"],"ecosystem_specific":{"binaries":[{"binary_name":"libndpi-bin","binary_version":"2.6-5"},{"binary_name":"libndpi-wireshark","binary_version":"2.6-5"},{"binary_name":"libndpi2.6","binary_version":"2.6-5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-25066.json"}},{"package":{"name":"ndpi","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/ndpi?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.0-4","4.2-2"],"ecosystem_specific":{"binaries":[{"binary_name":"libndpi-bin","binary_version":"4.2-2"},{"binary_name":"libndpi-wireshark","binary_version":"4.2-2"},{"binary_name":"libndpi4.2","binary_version":"4.2-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-25066.json"}},{"package":{"name":"ndpi","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/ndpi?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.2-2","4.2-2.1","4.2-2.1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"libndpi-bin","binary_version":"4.2-2.1build1"},{"binary_name":"libndpi-wireshark","binary_version":"4.2-2.1build1"},{"binary_name":"libndpi4.2t64","binary_version":"4.2-2.1build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-25066.json"}},{"package":{"name":"ndpi","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/ndpi?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.2-2.1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"libndpi-bin","binary_version":"4.2-2.1build1"},{"binary_name":"libndpi-wireshark","binary_version":"4.2-2.1build1"},{"binary_name":"libndpi4.2t64","binary_version":"4.2-2.1build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-25066.json"}},{"package":{"name":"ndpi","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/ndpi?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.2-2.1build1","4.2-2.1build2"],"ecosystem_specific":{"binaries":[{"binary_name":"libndpi-bin","binary_version":"4.2-2.1build2"},{"binary_name":"libndpi-wireshark","binary_version":"4.2-2.1build2"},{"binary_name":"libndpi4.2t64","binary_version":"4.2-2.1build2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-25066.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}