A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. Data confidentiality and integrity, as well as system availability, are all at risk with this vulnerability.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | ppp | 2020-05-22 20:57 | ALAS-2020-1371 |
Amazon Linux 2 - Core | ppp | 2020-03-02 23:45 | ALAS2-2020-1400 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
NVD | CVSSv2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
NVD | CVSSv3 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |