VYPR

MPD: FreeBSD PPP daemon

by Musicplayerdaemon

CVEs (2)

  • CVE-2020-7465CriOct 6, 2020
    risk 0.64cvss 9.8epss 0.03

    The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).

  • CVE-2020-7466HigOct 6, 2020
    risk 0.49cvss 7.5epss 0.02

    The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.