Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-4603

Опубликовано: 19 дек. 2022
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.

A potential buffer overflow vulnerability was found in ppp. This issue occurs via manipulation of the spkt.buf/rpkt.buf argument, which may cause a crash.

Отчет

pppdump is not used in the normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7pppWill not fix
Red Hat Enterprise Linux 8pppWill not fix
Red Hat Enterprise Linux 9pppWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2255230ppp: improper validation of array index of the component pppdump

EPSS

Процентиль: 34%
0.00138
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-4603

CVSS3: 4.3
ubuntu
около 3 лет назад

A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.

nvd логотип

CVE-2022-4603

CVSS3: 4.3
nvd
около 3 лет назад

A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.

msrc логотип

CVE-2022-4603

CVSS3: 4.3
msrc
6 месяцев назад

ppp pppdump pppdump.c dumpppp array index

debian логотип

CVE-2022-4603

CVSS3: 4.3
debian
около 3 лет назад

A vulnerability classified as problematic has been found in ppp. Affec ...

suse-cvrf логотип

SUSE-SU-2023:4965-1

suse-cvrf
около 2 лет назад

Security update for ppp

EPSS

Процентиль: 34%
0.00138
Низкий

5.3 Medium

CVSS3