CRITICAL🇵🇱 Wersja polska

CVE-2020-7465

CVSS 9.8v3.1pub. 2020-10-06upd. 2024-11-21

The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mpd Project Mpd

    APP
    Mpd Project
    < 5.9
  • Stormshield Network Security

    APP
    Stormshield
    4.4.04.0.0 – 4.3.17 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2023-20032CRITICAL9.8ten sam produkt

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerabilit...

CVE-2022-37434CRITICAL9.8ten sam produkt

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large g...

CVE-2021-31617CRITICAL9.8ten sam produkt

In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, ...

CVE-2025-48707HIGH7.5ten sam produkt

An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information cou...

CVE-2023-34198HIGH7.3ten sam produkt

In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25...