rpm package
opensuse/ppp&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ppp&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-4603 | — | < 2.5.0-1.1 | 2.5.0-1.1 | Dec 18, 2022 | A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vul | ||
| CVE-2020-8597 | — | < 2.4.8-3.6 | 2.4.8-3.6 | Feb 3, 2020 | eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. | ||
| CVE-2015-3310 | — | < 2.4.7-7.1 | 2.4.7-7.1 | Apr 24, 2015 | Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server. | ||
| CVE-2014-3158 | — | < 2.4.7-7.1 | 2.4.7-7.1 | Nov 15, 2014 | Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables." |
- CVE-2022-4603Dec 18, 2022affected < 2.5.0-1.1fixed 2.5.0-1.1
A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vul
- CVE-2020-8597Feb 3, 2020affected < 2.4.8-3.6fixed 2.4.8-3.6
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
- CVE-2015-3310Apr 24, 2015affected < 2.4.7-7.1fixed 2.4.7-7.1
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.
- CVE-2014-3158Nov 15, 2014affected < 2.4.7-7.1fixed 2.4.7-7.1
Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables."