Vulnerabilities > Accel PPP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-16 | CVE-2021-42870 | Out-of-bounds Read vulnerability in Accel-Ppp 1.12.0 ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request. | 7.5 |
| 2022-03-16 | CVE-2022-0982 | Out-of-bounds Write vulnerability in Accel-Ppp 1.10.0 The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. | 9.8 |
| 2022-02-14 | CVE-2022-24704 | Classic Buffer Overflow vulnerability in Accel-Ppp 1.10.0 The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. | 9.8 |
| 2022-02-14 | CVE-2022-24705 | Classic Buffer Overflow vulnerability in Accel-Ppp 1.10.0 The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. | 9.8 |
| 2021-10-07 | CVE-2021-42054 | Out-of-bounds Read vulnerability in Accel-Ppp 1.12.0 ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication. | 7.5 |
| 2021-02-01 | CVE-2020-28194 | Integer Underflow (Wrap or Wraparound) vulnerability in Accel-Ppp 1.10.0/1.12.0/1.12.092G38B6104 Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. | 9.8 |
| 2020-09-09 | CVE-2020-15173 | Classic Buffer Overflow vulnerability in Accel-Ppp 1.10.0/1.12.0/1.12.092G38B6104 In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less than 6. | 9.8 |