Описание
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the refuse-app option are unaffected.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 2.4.7-2+2ubuntu1.1 |
| cosmic | released | 2.4.7-2+3ubuntu1 |
| devel | released | 2.4.7-2+3ubuntu1 |
| esm-infra-legacy/trusty | released | 2.4.5-5.1ubuntu2.3 |
| esm-infra/bionic | released | 2.4.7-2+2ubuntu1.1 |
| esm-infra/xenial | released | 2.4.7-1+2ubuntu1.16.04.1 |
| precise/esm | not-affected | code not present |
| trusty | released | 2.4.5-5.1ubuntu2.3 |
| trusty/esm | released | 2.4.5-5.1ubuntu2.3 |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected.
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected.
Improper input validation together with an integer overflow in the EAP ...
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected.
7.5 High
CVSS2
9.8 Critical
CVSS3