CVE-2014-3158

EPSS 1.75%
Veröffentlicht 15.11.2014 21:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Point-to-point Protocol Project ≫ Point-to-point Protocol Version <= 2.4.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.75%	0.819

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://advisories.mageia.org/MGASA-2014-0368.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html

http://marc.info/?l=linux-ppp&m=140764978420764

http://www.debian.org/security/2014/dsa-3079

http://www.mandriva.com/security/advisories?name=MDVSA-2015:135

http://www.ubuntu.com/usn/USN-2429-1

https://bugzilla.redhat.com/show_bug.cgi?id=1128748

https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb

https://nvd.nist.gov/vuln/detail/CVE-2014-3158

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3158

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3158

EUVD