Vulnerabilities > CVE-2020-28194 - Integer Underflow (Wrap or Wraparound) vulnerability in Accel-Ppp 1.10.0/1.12.0/1.12.092G38B6104
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
References
- https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69
- https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69
- https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr
- https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr