CVE-2020-28194 - Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attri

CVE-2020-28194

Summary

Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.

References

https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69
https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr

Vulnerable Configurations

cpe:2.3:a:accel-ppp:accel-ppp:1.12.0-92-g38b6104:*:*:*:*:*:*:*
cpe:2.3:a:accel-ppp:accel-ppp:1.12.0-92-g38b6104:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 05-02-2021 - 20:58)
Impact:
Exploitability:

CWE

CWE-191

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

Last major update

05-02-2021 - 20:58

Published

01-02-2021 - 14:15

Last modified

05-02-2021 - 20:58