Vulnerabilities related to accel-ppp - accel-ppp
CVE-2022-0982 (GCVE-0-2022-0982)
Vulnerability from cvelistv5
Published
2022-03-16 14:04
Modified
2024-09-17 04:20
CWE
- https://cwe.mitre.org/data/definitions/120.html
Summary
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xebd/accel-ppp/issues/164 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
https://accel-ppp.org/ | Accel-PPP | <= 1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.845Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xebd/accel-ppp/issues/164" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Accel-PPP", "vendor": "https://accel-ppp.org/", "versions": [ { "lessThanOrEqual": "1.12", "status": "affected", "version": "1.12", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Chloe Ong from Government Technology Agency of Singapore" }, { "lang": "en", "value": "Eugene Lim from Government Technology Agency of Singapore" } ], "datePublic": "2022-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b-\u003ebuf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "https://cwe.mitre.org/data/definitions/120.html", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-16T14:04:22", "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xebd/accel-ppp/issues/164" } ], "source": { "discovery": "EXTERNAL" }, "title": "Buffer Overflow via crafted client request in Accel-PPP v1.12", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve_disclosure@tech.gov.sg", "DATE_PUBLIC": "2022-03-15T09:32:00.000Z", "ID": "CVE-2022-0982", "STATE": "PUBLIC", "TITLE": "Buffer Overflow via crafted client request in Accel-PPP v1.12" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Accel-PPP", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "1.12", "version_value": "1.12" } ] } } ] }, "vendor_name": "https://accel-ppp.org/" } ] } }, "credit": [ { "lang": "eng", "value": "Chloe Ong from Government Technology Agency of Singapore" }, { "lang": "eng", "value": "Eugene Lim from Government Technology Agency of Singapore" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b-\u003ebuf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "https://cwe.mitre.org/data/definitions/120.html" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xebd/accel-ppp/issues/164", "refsource": "MISC", "url": "https://github.com/xebd/accel-ppp/issues/164" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "assignerShortName": "GovTech CSG", "cveId": "CVE-2022-0982", "datePublished": "2022-03-16T14:04:22.485737Z", "dateReserved": "2022-03-15T00:00:00", "dateUpdated": "2024-09-17T04:20:24.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-42870 (GCVE-0-2021-42870)
Vulnerability from cvelistv5
Published
2022-05-16 14:01
Modified
2024-08-04 03:38
CWE
- n/a
Summary
ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xebd/accel-ppp/issues/158 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:38:50.134Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xebd/accel-ppp/issues/158" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-16T14:01:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xebd/accel-ppp/issues/158" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-42870", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xebd/accel-ppp/issues/158", "refsource": "MISC", "url": "https://github.com/xebd/accel-ppp/issues/158" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-42870", "datePublished": "2022-05-16T14:01:21", "dateReserved": "2021-10-25T00:00:00", "dateUpdated": "2024-08-04T03:38:50.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-24705 (GCVE-0-2022-24705)
Vulnerability from cvelistv5
Published
2022-02-14 21:04
Modified
2024-09-16 18:39
CWE
- https://cwe.mitre.org/data/definitions/120.html
Summary
The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/accel-ppp/accel-ppp/pull/35 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
https://accel-ppp.org/ | accel-ppp | <= 1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.205Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/accel-ppp/accel-ppp/pull/35" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "accel-ppp", "vendor": "https://accel-ppp.org/", "versions": [ { "lessThanOrEqual": "1.12", "status": "affected", "version": "1.12", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Chloe Ong from Government Technology Agency of Singapore" }, { "lang": "en", "value": "Eugene Lim from Government Technology Agency of Singapore" }, { "lang": "en", "value": "Kar Wei Loh from Government Technology Agency of Singapore" } ], "datePublic": "2022-02-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "https://cwe.mitre.org/data/definitions/120.html", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-14T21:04:30", "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/accel-ppp/accel-ppp/pull/35" } ], "source": { "discovery": "EXTERNAL" }, "title": "Buffer Overflow via Crafted Ipv6 Prefix Attribute Type Client Request in accel-ppp v1.12", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve_disclosure@tech.gov.sg", "DATE_PUBLIC": "2022-02-10T07:32:00.000Z", "ID": "CVE-2022-24705", "STATE": "PUBLIC", "TITLE": "Buffer Overflow via Crafted Ipv6 Prefix Attribute Type Client Request in accel-ppp v1.12" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "accel-ppp", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "1.12", "version_value": "1.12" } ] } } ] }, "vendor_name": "https://accel-ppp.org/" } ] } }, "credit": [ { "lang": "eng", "value": "Chloe Ong from Government Technology Agency of Singapore" }, { "lang": "eng", "value": "Eugene Lim from Government Technology Agency of Singapore" }, { "lang": "eng", "value": "Kar Wei Loh from Government Technology Agency of Singapore" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "https://cwe.mitre.org/data/definitions/120.html" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/accel-ppp/accel-ppp/pull/35", "refsource": "MISC", "url": "https://github.com/accel-ppp/accel-ppp/pull/35" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "assignerShortName": "GovTech CSG", "cveId": "CVE-2022-24705", "datePublished": "2022-02-14T21:04:30.848419Z", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-09-16T18:39:19.344Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-28194 (GCVE-0-2020-28194)
Vulnerability from cvelistv5
Published
2021-02-01 13:13
Modified
2024-08-04 16:33
CWE
- n/a
Summary
Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute whose length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr | x_refsource_MISC | |
https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:33:58.925Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-02T13:35:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28194", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute 
with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr", "refsource": "MISC", "url": "https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr" }, { "name": "https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69", "refsource": "MISC", "url": "https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28194", "datePublished": "2021-02-01T13:13:47", "dateReserved": "2020-11-02T00:00:00", "dateUpdated": "2024-08-04T16:33:58.925Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-42054 (GCVE-0-2021-42054)
Vulnerability from cvelistv5
Published
2021-10-07 05:28
Modified
2024-08-04 03:22
CWE
- n/a
Summary
ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xebd/accel-ppp/issues/156 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:22:26.046Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xebd/accel-ppp/issues/156" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-07T05:28:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xebd/accel-ppp/issues/156" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-42054", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xebd/accel-ppp/issues/156", "refsource": "MISC", "url": "https://github.com/xebd/accel-ppp/issues/156" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-42054", "datePublished": "2021-10-07T05:28:57", "dateReserved": "2021-10-07T00:00:00", "dateUpdated": "2024-08-04T03:22:26.046Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-15173 (GCVE-0-2020-15173)
Vulnerability from cvelistv5
Published
2020-09-09 22:45
Modified
2024-08-04 13:08
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an L2TP control packet with an AVP whose type is a string, with no hidden flags and length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network, it is highly recommended to apply the patch. The problem was patched with commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b. As a workaround, the changes of commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b can be applied to older versions.
References
▼ | URL | Tags |
---|---|---|
https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-rr68-fchr-69vf | x_refsource_CONFIRM | |
https://github.com/accel-ppp/accel-ppp/commit/2324bcd5ba12cf28f47357a8f03cd41b7c04c52b | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:08:22.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-rr68-fchr-69vf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/accel-ppp/accel-ppp/commit/2324bcd5ba12cf28f47357a8f03cd41b7c04c52b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "accel-ppp", "vendor": "accel-ppp", "versions": [ { "status": "affected", "version": "\u003c= 1.12.0-92-g38b6104" } ] } ], "descriptions": [ { "lang": "en", "value": "In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network it is highly recommended to apply the patch. The problem was patched with commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b As a workaround changes of commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b can be applied to older versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-09T22:45:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-rr68-fchr-69vf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/accel-ppp/accel-ppp/commit/2324bcd5ba12cf28f47357a8f03cd41b7c04c52b" } ], "source": { "advisory": "GHSA-rr68-fchr-69vf", "discovery": "UNKNOWN" }, "title": "Heap buffer overflow in ACCEL-PPP", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15173", "STATE": "PUBLIC", "TITLE": "Heap buffer overflow in ACCEL-PPP" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "accel-ppp", "version": { "version_data": [ { "version_value": "\u003c= 1.12.0-92-g38b6104" } ] } } ] }, "vendor_name": "accel-ppp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network it is highly recommended to apply the patch. 
The problem was patched with commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b As a workaround changes of commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b can be applied to older versions." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-rr68-fchr-69vf", "refsource": "CONFIRM", "url": "https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-rr68-fchr-69vf" }, { "name": "https://github.com/accel-ppp/accel-ppp/commit/2324bcd5ba12cf28f47357a8f03cd41b7c04c52b", "refsource": "MISC", "url": "https://github.com/accel-ppp/accel-ppp/commit/2324bcd5ba12cf28f47357a8f03cd41b7c04c52b" } ] }, "source": { "advisory": "GHSA-rr68-fchr-69vf", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15173", "datePublished": "2020-09-09T22:45:13", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:22.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-24704 (GCVE-0-2022-24704)
Vulnerability from cvelistv5
Published
2022-02-14 21:04
Modified
2024-09-16 19:00
CWE
- https://cwe.mitre.org/data/definitions/120.html
Summary
The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered.
References
▼ | URL | Tags |
---|---|---|
https://github.com/accel-ppp/accel-ppp/pull/35 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
https://accel-ppp.org/ | Accel-PPP | <= 1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/accel-ppp/accel-ppp/pull/35" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Accel-PPP", "vendor": "https://accel-ppp.org/", "versions": [ { "lessThanOrEqual": "1.12", "status": "affected", "version": "1.12", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Chloe Ong from Government Technology Agency of Singapore" }, { "lang": "en", "value": "Eugene Lim from Government Technology Agency of Singapore" }, { "lang": "en", "value": "Kar Wei Loh from Government Technology Agency of Singapore" } ], "datePublic": "2022-02-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer \u0026attr-\u003eval.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered." 
} ], "problemTypes": [ { "descriptions": [ { "description": "https://cwe.mitre.org/data/definitions/120.html", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-14T21:04:29", "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/accel-ppp/accel-ppp/pull/35" } ], "source": { "discovery": "EXTERNAL" }, "title": "Buffer Overflow via Crafted IPv6 Addr Attribute Type Client Request in Accel-PPP v1.12", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve_disclosure@tech.gov.sg", "DATE_PUBLIC": "2022-02-10T07:47:00.000Z", "ID": "CVE-2022-24704", "STATE": "PUBLIC", "TITLE": "Buffer Overflow via Crafted IPv6 Addr Attribute Type Client Request in Accel-PPP v1.12" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Accel-PPP", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "1.12", "version_value": "1.12" } ] } } ] }, "vendor_name": "https://accel-ppp.org/" } ] } }, "credit": [ { "lang": "eng", "value": "Chloe Ong from Government Technology Agency of Singapore" }, { "lang": "eng", "value": "Eugene Lim from Government Technology Agency of Singapore" }, { "lang": "eng", "value": "Kar Wei Loh from Government Technology Agency of Singapore" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer \u0026attr-\u003eval.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "https://cwe.mitre.org/data/definitions/120.html" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/accel-ppp/accel-ppp/pull/35", "refsource": "MISC", "url": "https://github.com/accel-ppp/accel-ppp/pull/35" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "assignerShortName": "GovTech CSG", "cveId": "CVE-2022-24704", "datePublished": "2022-02-14T21:04:29.942661Z", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-09-16T19:00:04.606Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2022-03-16 15:15
Modified
2024-11-21 06:39
Summary
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
cve_disclosure@tech.gov.sg | https://github.com/xebd/accel-ppp/issues/164 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xebd/accel-ppp/issues/164 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:accel-ppp:accel-ppp:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB0C5840-2CCB-4241-8AD3-F3A591D314AA", "versionEndIncluding": "1.12.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b-\u003ebuf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability." }, { "lang": "es", "value": "La funci\u00f3n telnet_input_char en el archivo opt/src/accel-pppd/cli/telnet.c sufre una vulnerabilidad de corrupci\u00f3n de memoria, por la que la entrada del usuario cmdline_len es copiada en un b\u00fafer fijo b-)buf sin ninguna comprobaci\u00f3n de l\u00edmites. Si el servidor es conectado con un cliente malicioso, las peticiones dise\u00f1adas del cliente pueden desencadenar esta vulnerabilidad de forma remota" } ], "id": "CVE-2022-0982", "lastModified": "2024-11-21T06:39:47.683", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-16T15:15:16.253", "references": [ { "source": "cve_disclosure@tech.gov.sg", "tags": [ "Third Party Advisory" ], "url": "https://github.com/xebd/accel-ppp/issues/164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/xebd/accel-ppp/issues/164" } ], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-07 06:15
Modified
2024-11-21 06:27
Summary
ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/xebd/accel-ppp/issues/156 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xebd/accel-ppp/issues/156 | Exploit, Issue Tracking, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:accel-ppp:accel-ppp:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C5B872F-636C-4C57-9D89-BB58B8B0BAE0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication." }, { "lang": "es", "value": "ACCEL-PPP versi\u00f3n 1.12.0, presenta una lectura fuera de l\u00edmites en la funci\u00f3n triton_context_schedule si el cliente sale despu\u00e9s de la autenticaci\u00f3n" } ], "id": "CVE-2021-42054", "lastModified": "2024-11-21T06:27:09.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-10-07T06:15:07.007", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/xebd/accel-ppp/issues/156" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/xebd/accel-ppp/issues/156" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-09 23:15
Modified
2024-11-21 05:05
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an L2TP control packet with an AVP whose type is a string, no hidden flags, and length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network, it is highly recommended to apply the patch. The problem was patched with commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b. As a workaround, the changes of commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b can be applied to older versions.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:accel-ppp:accel-ppp:*:*:*:*:*:*:*:*", "matchCriteriaId": "679B5514-7B19-4406-900D-A10D6DA75DDA", "versionEndIncluding": "1.12.0-92-g38b6104", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network it is highly recommended to apply the patch. The problem was patched with commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b As a workaround changes of commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b can be applied to older versions." }, { "lang": "es", "value": "En ACCEL-PPP (una implementaci\u00f3n de PPTP/PPPoE/L2TP/SSTP), se presenta un desbordamiento del b\u00fafer cuando se recibe un paquete de control l2tp con un AVP cuyo tipo es una cadena y no indicadores ocultos, la longitud se establece en menos de 6. Si su aplicaci\u00f3n es usada en redes abiertas o existen nodos que no son confiables en la red, se recomienda aplicar el parche. El problema se corrigi\u00f3 con el commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b. 
Como soluci\u00f3n alternativa, los cambios del commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b pueden ser aplicados a versiones anteriores" } ], "id": "CVE-2020-15173", "lastModified": "2024-11-21T05:05:00.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-09T23:15:10.977", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/accel-ppp/accel-ppp/commit/2324bcd5ba12cf28f47357a8f03cd41b7c04c52b" 
}, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-rr68-fchr-69vf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/accel-ppp/accel-ppp/commit/2324bcd5ba12cf28f47357a8f03cd41b7c04c52b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-rr68-fchr-69vf" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-02-01 14:15
Modified
2024-11-21 05:22
Severity ?
Summary
A variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute whose length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:accel-ppp:accel-ppp:*:*:*:*:*:*:*:*", "matchCriteriaId": "41B2A897-7CA6-4F53-8993-A0747BC3C1EC", "versionEndExcluding": "1.12.0-e9d369a", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution." }, { "lang": "es", "value": "Se presenta subdesbordamiento de variable en accel-ppp en el archivo radius/packet.c cuando se recibe un atributo espec\u00edfico del proveedor RADIUS con un campo de longitud menor que 2. Presenta un impacto solo cuando el atacante controla el servidor RADIUS, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria" } ], "id": "CVE-2020-28194", "lastModified": "2024-11-21T05:22:27.467", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, 
"exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-02-01T14:15:12.240", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-191" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-16 14:15
Modified
2024-11-21 06:28
Severity ?
Summary
ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/xebd/accel-ppp/issues/158 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xebd/accel-ppp/issues/158 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:accel-ppp:accel-ppp:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C5B872F-636C-4C57-9D89-BB58B8B0BAE0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request." }, { "lang": "es", "value": "ACCEL-PPP versi\u00f3n 1.12.0, presenta una lectura fuera de l\u00edmites en post_msg cuando se procesa una call_clear_request" } ], "id": "CVE-2021-42870", "lastModified": "2024-11-21T06:28:15.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-16T14:15:07.737", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/xebd/accel-ppp/issues/158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", 
"Third Party Advisory" ], "url": "https://github.com/xebd/accel-ppp/issues/158" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-14 22:15
Modified
2024-11-21 06:50
Severity ?
Summary
The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
cve_disclosure@tech.gov.sg | https://github.com/accel-ppp/accel-ppp/pull/35 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/accel-ppp/accel-ppp/pull/35 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:accel-ppp:accel-ppp:*:*:*:*:*:*:*:*", "matchCriteriaId": "513A7E25-8C10-473F-97CC-FBB3372950A1", "versionEndExcluding": "1.12.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability." }, { "lang": "es", "value": "La funci\u00f3n rad_packet_recv en el archivo radius/packet.c sufre un desbordamiento del b\u00fafer memcpy, resultando en un recvfrom demasiado grande en un b\u00fafer fijo que causa un desbordamiento del b\u00fafer y sobrescribe la memoria arbitraria. Si el servidor es conectado con un cliente malicioso, las peticiones dise\u00f1adas del cliente pueden desencadenar esta vulnerabilidad de forma remota" } ], "id": "CVE-2022-24705", "lastModified": "2024-11-21T06:50:54.903", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", 
"scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-14T22:15:08.270", "references": [ { "source": "cve_disclosure@tech.gov.sg", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/accel-ppp/accel-ppp/pull/35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/accel-ppp/accel-ppp/pull/35" } ], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-14 22:15
Modified
2024-11-21 06:50
Severity ?
Summary
The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered.
References
▼ | URL | Tags | |
---|---|---|---|
cve_disclosure@tech.gov.sg | https://github.com/accel-ppp/accel-ppp/pull/35 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/accel-ppp/accel-ppp/pull/35 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:accel-ppp:accel-ppp:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB0C5840-2CCB-4241-8AD3-F3A591D314AA", "versionEndIncluding": "1.12.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer \u0026attr-\u003eval.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered." }, { "lang": "es", "value": "La funci\u00f3n rad_packet_recv en el archivo opt/src/accel-pppd/radius/packet.c sufre una vulnerabilidad de desbordamiento de b\u00fafer, por la que la entrada del usuario len es copiada en un b\u00fafer fijo \u0026amp;attr-\u0026gt;val.integer sin ninguna comprobaci\u00f3n de l\u00edmites. Si el cliente es conectado al servidor y env\u00eda un paquete radius de gran tama\u00f1o, ser\u00e1 desencadenada una vulnerabilidad de desbordamiento del b\u00fafer" } ], "id": "CVE-2022-24704", "lastModified": "2024-11-21T06:50:54.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", 
"confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-14T22:15:08.230", "references": [ { "source": "cve_disclosure@tech.gov.sg", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/accel-ppp/accel-ppp/pull/35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/accel-ppp/accel-ppp/pull/35" } ], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }