Vulnerabilities > Point TO Point Protocol Project > Point TO Point Protocol > 2.4.6

DATE CVE VULNERABILITY TITLE RISK
2020-02-03 CVE-2020-8597 Classic Buffer Overflow vulnerability in multiple products
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
network
low complexity
point-to-point-protocol-project wago debian canonical CWE-120
critical
9.8
2018-06-14 CVE-2018-11574 Integer Overflow or Wraparound vulnerability in multiple products
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass.
network
low complexity
point-to-point-protocol-project canonical CWE-190
critical
9.8
2015-04-24 CVE-2015-3310 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.
4.3