CVE-2022-24704: The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered.
CVE-2022-24705: The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
Patch is merged but not yet in any release. Might just be worth snapshotting again.
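The kind of bounds checking the CVE-2022-24704 and CVE-2022-24705 descriptions say was missing, as an added example (not accel-ppp's code or its merged patch): a RADIUS attribute walker that validates the header length against the bytes actually received and requires integer attributes to fill the fixed 4-byte slot exactly. The `struct attr` layout, the function names, and the choice of types 5 and 6 as the integer attributes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define RAD_HDR_LEN 20   /* code, id, 2-byte length, 16-byte authenticator */
#define RAD_MAX_LEN 4096 /* largest RADIUS packet allowed by RFC 2865 */

/* Hypothetical attribute record for this example, not accel-ppp's own struct. */
struct attr {
    uint8_t type;
    uint8_t len;           /* value length in bytes */
    uint32_t integer;      /* fixed 4-byte slot for integer attributes */
    const uint8_t *octets; /* borrowed pointer into the packet otherwise */
};

/* Assumption: only NAS-Port (5) and Service-Type (6) are decoded as integers. */
static int is_integer_attr(uint8_t type) { return type == 5 || type == 6; }

/* Returns the number of attributes parsed, or -1 if the packet is malformed. */
int parse_radius_attrs(const uint8_t *pkt, size_t received,
                       struct attr *out, size_t max_out)
{
    if (received < RAD_HDR_LEN || received > RAD_MAX_LEN)
        return -1;
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    if (declared < RAD_HDR_LEN || declared > received)
        return -1;               /* header length must fit the bytes received */
    size_t off = RAD_HDR_LEN, n = 0;
    while (off < declared) {
        size_t alen = (declared - off >= 2) ? pkt[off + 1] : 0;
        if (alen < 2 || alen > declared - off || n == max_out)
            return -1;           /* truncated or overlong attribute, or out[] full */
        const uint8_t *v = pkt + off + 2;
        struct attr *a = &out[n++];
        *a = (struct attr){ .type = pkt[off], .len = (uint8_t)(alen - 2), .octets = v };
        if (is_integer_attr(a->type)) {
            if (a->len != sizeof a->integer)
                return -1;       /* value must exactly fill the 4-byte slot */
            a->integer = (uint32_t)v[0] << 24 | (uint32_t)v[1] << 16 |
                         (uint32_t)v[2] << 8 | v[3];
            a->octets = NULL;
        }
        off += alen;
    }
    return (int)n;
}
```

A caller would pass the return value of `recvfrom` as `received`, with the receive buffer itself sized to `RAD_MAX_LEN`.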
CVE-2022-0982 (https://github.com/xebd/accel-ppp/issues/164): The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
CVE-2021-42870 (https://github.com/xebd/accel-ppp/issues/158): ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request.
PinkByte: are there fixes for CVE-2022-0982 and CVE-2021-42870?