exploitDog

CVE-2020-28194

Опубликовано: 01 фев. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.

Ссылки

https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69
Patch
Third Party Advisory
https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr
Patch
Third Party Advisory
https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69
Patch
Third Party Advisory
https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:accel-ppp:accel-ppp:*:*:*:*:*:*:*:*

Версия до 1.12.0-e9d369a (исключая)

EPSS

Процентиль: 70%

0.00633

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-191

EPSS

Процентиль: 70%

0.00633

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-191