CRITICAL🇵🇱 Wersja polska

CVE-2020-28194

CVSS 9.8v3.1pub. 2021-02-01upd. 2024-11-21

Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Accel Ppp

    APP
    Accel-Ppp
    < 1.12.0-e9d369a
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2022-0982CRITICAL9.8ten sam produkt

The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerabili...

CVE-2022-24704CRITICAL9.8ten sam produkt

The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerabilit...

CVE-2022-24705CRITICAL9.8ten sam produkt

The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-...

CVE-2021-42870HIGH7.5ten sam produkt

ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request.

CVE-2021-42054HIGH7.5ten sam produkt

ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication...