CVE-2020-8597

Published: Feb 3, 2020Modified: Dec 3, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Affected (9)

Products: Point To Point Protocol Project: Point To Point Protocol · Wago: Pfc Firmware · Debian: Debian Linux · +1 more

Show all products

Point To Point Protocol Project: Point To Point Protocol · Wago: Pfc Firmware · Debian: Debian Linux · Canonical: Ubuntu Linux

Point To Point Protocol Project

1 product

Point To Point Protocol

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Point To Point Protocol Project Point To Point Protocol	From 2.4.2 to 2.4.8

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Wago Pfc Firmware	Before 03.04.10\(16\)

Running on/with	Platform Versions
Wago Pfc100	All versions
Wago Pfc200	All versions

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (44)

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Mar/6

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2020:0630

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0631

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0633

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0634

Source: cve@mitre.org

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf

Source: cve@mitre.org

Third Party Advisory

https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426

Source: cve@mitre.org

PatchThird Party Advisory

https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/

Source: cve@mitre.org

https://security.gentoo.org/glsa/202003-19

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200313-0004/

Source: cve@mitre.org

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://usn.ubuntu.com/4288-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4288-2/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2020/dsa-4632

Source: cve@mitre.org

Third Party Advisory

https://www.kb.cert.org/vuls/id/782301

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://www.synology.com/security/advisory/Synology_SA_20_02

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Mar/6

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2020:0630

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0631

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0633

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0634

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202003-19

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200313-0004/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://usn.ubuntu.com/4288-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4288-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2020/dsa-4632

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.kb.cert.org/vuls/id/782301

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.synology.com/security/advisory/Synology_SA_20_02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.