Your submission was sent successfully! Close

CVE-2020-8597

Published: 3 February 2020

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
lwip
Launchpad, Ubuntu, Debian
bionic Does not exist

eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Not vulnerable
(2.1.2+dfsg1-6)
hirsute Not vulnerable
(2.1.2+dfsg1-6)
impish Not vulnerable
(2.1.2+dfsg1-6)
jammy Not vulnerable
(2.1.2+dfsg1-6)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

Patches:
upstream: http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86

ppp
Launchpad, Ubuntu, Debian
bionic
Released (2.4.7-2+2ubuntu1.2)
eoan
Released (2.4.7-2+4.1ubuntu4.1)
focal
Released (2.4.7-2+4.1ubuntu5)
groovy
Released (2.4.7-2+4.1ubuntu5)
hirsute
Released (2.4.7-2+4.1ubuntu5)
impish
Released (2.4.7-2+4.1ubuntu5)
jammy
Released (2.4.7-2+4.1ubuntu5)
precise
Released (2.4.5-5ubuntu1.3)
trusty
Released (2.4.5-5.1ubuntu2.3+esm1)
upstream Needs triage

xenial
Released (2.4.7-1+2ubuntu1.16.04.2)
Patches:

upstream: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426