Home > Vulnerability Database > WS-2022-0246

Mend.io Vulnerability Database

WS-2022-0246

Good to know:

Date: June 28, 2022

A global overflow vulnerability was discovered in pppdump 2.4.9. Specifically, when the -p flag is given for enabling the pppmodeon the pppdump command, a malicious crafted pppdump file can trigger a global overflow, which may lead to a Remote Code Execution (RCE) on the victim side by running malicious crafted ppp packets with the pppdump utility.

Language: C

Severity Score

9.8

Related Resources (2)

Url: https://github.com/ppp-project/ppp/commit/a75fb7b198eed50d769c80c36629f38346882cbf

Url: https://www.mend.io/vulnerability-database/WS-2022-0246

Severity Score

9.8

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Top Fix

Upgrade Version

Upgrade to version ppp - 2.4.8

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2022-0246

Good to know:

Date: June 28, 2022

Language: C

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?