Vulnerabilities > CVE-2022-0982 - Out-of-bounds Write vulnerability in Accel-Ppp 1.10.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

accel-ppp

CWE-787

critical

NVD

Published: 2022-03-16

Updated: 2022-03-28

Summary

The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Accel-Ppp Accel PPP Accel PPP 1.10.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/xebd/accel-ppp/issues/164