9.8

CVE-2020-8597

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WagoPfc Firmware Version < 03.04.10\(16\)
   WagoPfc100 Version-
   WagoPfc200 Version-
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 19.43% 0.97
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html
Third Party Advisory
Mailing List
http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Mar/6
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2020:0630
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0631
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0633
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0634
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf
Third Party Advisory
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
Patch
Third Party Advisory
https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/
https://security.gentoo.org/glsa/202003-19
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200313-0004/
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04
Third Party Advisory
US Government Resource
https://usn.ubuntu.com/4288-1/
Third Party Advisory
https://usn.ubuntu.com/4288-2/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4632
Third Party Advisory
https://www.kb.cert.org/vuls/id/782301
Third Party Advisory
US Government Resource
https://www.synology.com/security/advisory/Synology_SA_20_02
Third Party Advisory