Summary: | net-dialup/accel-ppp: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | trivial | CC: | pinkbyte |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/accel-ppp/accel-ppp/pull/35 | ||
Whiteboard: | ~2 [upstream/ebuild] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2022-02-16 03:33:51 UTC
CVE-2022-0982 (https://github.com/xebd/accel-ppp/issues/164): The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability. CVE-2021-42870 (https://github.com/xebd/accel-ppp/issues/158): ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request. PinkByte: are there fixes for CVE-2022-0982 and CVE-2021-42870? |