CVE-2020-8597

Name: CVE-2020-8597
Description: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
NVD Severity: high

References

Type URI
Patch https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
MLIST https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html
DEBIAN https://www.debian.org/security/2020/dsa-4632
REDHAT https://access.redhat.com/errata/RHSA-2020:0631
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html
REDHAT https://access.redhat.com/errata/RHSA-2020:0633
REDHAT https://access.redhat.com/errata/RHSA-2020:0634
REDHAT https://access.redhat.com/errata/RHSA-2020:0630
UBUNTU https://usn.ubuntu.com/4288-1/
CERT-VN https://www.kb.cert.org/vuls/id/782301
FULLDISC http://seclists.org/fulldisclosure/2020/Mar/6
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/
MISC http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html
CONFIRM https://www.synology.com/security/advisory/Synology_SA_20_02
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/
CONFIRM https://security.netapp.com/advisory/ntap-20200313-0004/
GENTOO https://security.gentoo.org/glsa/202003-19
UBUNTU https://usn.ubuntu.com/4288-2/
MISC http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html
CONFIRM https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136
MISC https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf
MISC https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| `cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:*:*:*:*:*:*:*:*` | point-to-point_protocol | >= 2.4.2 | <= 2.4.8 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| ppp | 3.10-main | 2.4.7-r7 | Natanael Copa <ncopa@alpinelinux.org> | fixed |