Vulnerabilities > CVE-2022-0982 - Out-of-bounds Write vulnerability in Accel-Ppp 1.10.0/1.12.0

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
accel-ppp
CWE-787
critical

Summary

The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.

Vulnerable Configurations

Part Description Count
Application
Accel-Ppp
2

Common Weakness Enumeration (CWE)