Vulnerabilities > Accel PPP

DATE CVE VULNERABILITY TITLE RISK
2022-05-16 CVE-2021-42870 Out-of-bounds Read vulnerability in Accel-Ppp 1.12.0
ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request.
network
low complexity
accel-ppp CWE-125
7.5
2022-03-16 CVE-2022-0982 Out-of-bounds Write vulnerability in Accel-Ppp 1.10.0/1.12.0
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks.
network
low complexity
accel-ppp CWE-787
critical
9.8
2022-02-14 CVE-2022-24704 Classic Buffer Overflow vulnerability in Accel-Ppp 1.10.0/1.12.0
The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks.
network
low complexity
accel-ppp CWE-120
critical
9.8
2022-02-14 CVE-2022-24705 Classic Buffer Overflow vulnerability in Accel-Ppp 1.10.0/1.12.0
The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory.
network
low complexity
accel-ppp CWE-120
critical
9.8
2021-10-07 CVE-2021-42054 Out-of-bounds Read vulnerability in Accel-Ppp 1.12.0
ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication.
network
low complexity
accel-ppp CWE-125
7.5
2021-02-01 CVE-2020-28194 Integer Underflow (Wrap or Wraparound) vulnerability in Accel-Ppp 1.10.0/1.12.0/1.12.092G38B6104
Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2.
network
low complexity
accel-ppp CWE-191
critical
9.8
2020-09-09 CVE-2020-15173 Classic Buffer Overflow vulnerability in Accel-Ppp 1.10.0/1.12.0/1.12.092G38B6104
In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less than 6.
network
low complexity
accel-ppp CWE-120
critical
9.8