Vulnerabilities > CVE-2020-28194 - Integer Underflow (Wrap or Wraparound) vulnerability in Accel-Ppp 1.12.092G38B6104

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

accel-ppp

CWE-191

NVD

Published: 2021-02-01

Updated: 2021-02-05

Summary

Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.

Vulnerable Configurations

Part	Description	Count
Application	Accel-Ppp Accel PPP Accel PPP 1.12.0-92-G38B6104	1

Common Weakness Enumeration (CWE)

CWE-191 - Integer Underflow (Wrap or Wraparound)

References

https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69
https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr