Vulnerability-Lookup

CVE-2020-8597 (GCVE-0-2020-8597)

Vulnerability from cvelistv5 – Published: 2020-02-03 22:58 – Updated: 2025-12-03 15:15

Summary

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/paulusmack/ppp/commit/8d7970b8…	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4632	vendor-advisoryx_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2020:0631	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0634	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0633	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0630	vendor-advisoryx_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4288-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.kb.cert.org/vuls/id/782301	third-party-advisoryx_refsource_CERT-VN
	http://seclists.org/fulldisclosure/2020/Mar/6	mailing-listx_refsource_FULLDISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://packetstormsecurity.com/files/156662/pppd-…	x_refsource_MISC
	https://www.synology.com/security/advisory/Synolo…	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.netapp.com/advisory/ntap-2020031…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202003-19	vendor-advisoryx_refsource_GENTOO
	https://usn.ubuntu.com/4288-2/	vendor-advisoryx_refsource_UBUNTU
	http://packetstormsecurity.com/files/156802/pppd-…	x_refsource_MISC
	https://kb.netgear.com/000061806/Security-Advisor…	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_MISC
	https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.256Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
          },
          {
            "name": "[debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"
          },
          {
            "name": "DSA-4632",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4632"
          },
          {
            "name": "RHSA-2020:0631",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0631"
          },
          {
            "name": "RHSA-2020:0634",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0634"
          },
          {
            "name": "RHSA-2020:0633",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0633"
          },
          {
            "name": "RHSA-2020:0630",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0630"
          },
          {
            "name": "openSUSE-SU-2020:0286",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"
          },
          {
            "name": "USN-4288-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4288-1/"
          },
          {
            "name": "VU#782301",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/782301"
          },
          {
            "name": "20200306 Buffer overflow in pppd - CVE-2020-8597",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Mar/6"
          },
          {
            "name": "FEDORA-2020-571091c70b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_02"
          },
          {
            "name": "FEDORA-2020-4304397fe0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200313-0004/"
          },
          {
            "name": "GLSA-202003-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-19"
          },
          {
            "name": "USN-4288-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4288-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-8597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-03T15:15:47.800954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-03T15:15:50.472Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-11T18:06:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
        },
        {
          "name": "[debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"
        },
        {
          "name": "DSA-4632",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4632"
        },
        {
          "name": "RHSA-2020:0631",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0631"
        },
        {
          "name": "RHSA-2020:0634",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0634"
        },
        {
          "name": "RHSA-2020:0633",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0633"
        },
        {
          "name": "RHSA-2020:0630",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0630"
        },
        {
          "name": "openSUSE-SU-2020:0286",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"
        },
        {
          "name": "USN-4288-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4288-1/"
        },
        {
          "name": "VU#782301",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/782301"
        },
        {
          "name": "20200306 Buffer overflow in pppd - CVE-2020-8597",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Mar/6"
        },
        {
          "name": "FEDORA-2020-571091c70b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_20_02"
        },
        {
          "name": "FEDORA-2020-4304397fe0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200313-0004/"
        },
        {
          "name": "GLSA-202003-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-19"
        },
        {
          "name": "USN-4288-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4288-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-8597",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426",
              "refsource": "MISC",
              "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
            },
            {
              "name": "[debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"
            },
            {
              "name": "DSA-4632",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4632"
            },
            {
              "name": "RHSA-2020:0631",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0631"
            },
            {
              "name": "RHSA-2020:0634",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0634"
            },
            {
              "name": "RHSA-2020:0633",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0633"
            },
            {
              "name": "RHSA-2020:0630",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0630"
            },
            {
              "name": "openSUSE-SU-2020:0286",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"
            },
            {
              "name": "USN-4288-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4288-1/"
            },
            {
              "name": "VU#782301",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/782301"
            },
            {
              "name": "20200306 Buffer overflow in pppd - CVE-2020-8597",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Mar/6"
            },
            {
              "name": "FEDORA-2020-571091c70b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"
            },
            {
              "name": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_20_02",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_02"
            },
            {
              "name": "FEDORA-2020-4304397fe0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200313-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200313-0004/"
            },
            {
              "name": "GLSA-202003-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-19"
            },
            {
              "name": "USN-4288-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4288-2/"
            },
            {
              "name": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html"
            },
            {
              "name": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136",
              "refsource": "CONFIRM",
              "url": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-8597",
    "datePublished": "2020-02-03T22:58:21.000Z",
    "dateReserved": "2020-02-03T00:00:00.000Z",
    "dateUpdated": "2025-12-03T15:15:50.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html\", \"name\": \"[debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4632\", \"name\": \"DSA-4632\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0631\", \"name\": \"RHSA-2020:0631\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0634\", \"name\": \"RHSA-2020:0634\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0633\", \"name\": \"RHSA-2020:0633\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0630\", \"name\": \"RHSA-2020:0630\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html\", \"name\": \"openSUSE-SU-2020:0286\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4288-1/\", \"name\": \"USN-4288-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/782301\", \"name\": \"VU#782301\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Mar/6\", \"name\": \"20200306 Buffer overflow in pppd - CVE-2020-8597\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/\", \"name\": \"FEDORA-2020-571091c70b\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_20_02\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/\", \"name\": \"FEDORA-2020-4304397fe0\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200313-0004/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-19\", \"name\": \"GLSA-202003-19\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4288-2/\", \"name\": \"USN-4288-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T10:03:46.256Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-8597\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-03T15:15:47.800954Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-03T15:12:54.618Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html\", \"name\": \"[debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4632\", \"name\": \"DSA-4632\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0631\", \"name\": \"RHSA-2020:0631\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0634\", \"name\": \"RHSA-2020:0634\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0633\", \"name\": \"RHSA-2020:0633\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0630\", \"name\": \"RHSA-2020:0630\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html\", \"name\": \"openSUSE-SU-2020:0286\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://usn.ubuntu.com/4288-1/\", \"name\": \"USN-4288-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/782301\", \"name\": \"VU#782301\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Mar/6\", \"name\": \"20200306 Buffer overflow in pppd - CVE-2020-8597\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/\", \"name\": \"FEDORA-2020-571091c70b\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_20_02\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/\", \"name\": \"FEDORA-2020-4304397fe0\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200313-0004/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-19\", \"name\": \"GLSA-202003-19\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"https://usn.ubuntu.com/4288-2/\", \"name\": \"USN-4288-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2020-08-11T18:06:00.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426\", \"name\": \"https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426\", \"refsource\": \"MISC\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html\", \"name\": \"[debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4632\", \"name\": \"DSA-4632\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0631\", \"name\": \"RHSA-2020:0631\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0634\", \"name\": \"RHSA-2020:0634\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0633\", \"name\": \"RHSA-2020:0633\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0630\", \"name\": \"RHSA-2020:0630\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html\", \"name\": \"openSUSE-SU-2020:0286\", \"refsource\": \"SUSE\"}, {\"url\": \"https://usn.ubuntu.com/4288-1/\", \"name\": \"USN-4288-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/782301\", \"name\": \"VU#782301\", \"refsource\": \"CERT-VN\"}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Mar/6\", \"name\": \"20200306 Buffer overflow in pppd - CVE-2020-8597\", \"refsource\": \"FULLDISC\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/\", \"name\": \"FEDORA-2020-571091c70b\", \"refsource\": \"FEDORA\"}, {\"url\": \"http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html\", \"name\": \"http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_20_02\", \"name\": \"https://www.synology.com/security/advisory/Synology_SA_20_02\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/\", \"name\": \"FEDORA-2020-4304397fe0\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200313-0004/\", \"name\": \"https://security.netapp.com/advisory/ntap-20200313-0004/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://security.gentoo.org/glsa/202003-19\", \"name\": \"GLSA-202003-19\", \"refsource\": \"GENTOO\"}, {\"url\": \"https://usn.ubuntu.com/4288-2/\", \"name\": \"USN-4288-2\", \"refsource\": \"UBUNTU\"}, {\"url\": \"http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html\", \"name\": \"http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136\", \"name\": \"https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf\", \"name\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf\", \"refsource\": \"MISC\"}, {\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04\", \"name\": \"https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-8597\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-8597\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-03T15:15:50.472Z\", \"dateReserved\": \"2020-02-03T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2020-02-03T22:58:21.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CVE-2020-8597

Vulnerability from fstec - Published: 16.03.2020

Title

Уязвимость функций eap_request и eap_response демона pppd протокола PPP (Point-to-Point Protocol), позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Description

Уязвимость функций eap_request и eap_response демона pppd протокола PPP (Point-to-Point Protocol) связана с ошибками переполнения буфера. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании или выполнить произвольный код с помощью специально сформированного EAP-пакета

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vendor

Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, Fedora Project, ООО «Ред Софт», ООО «РусБИТех-Астра», Novell Inc., АО «Концерн ВНИИНС», АО «ИВК»

Software Name

Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, Fedora, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), point-to-point daemon, openSUSE, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), Альт 8 СП (запись в едином реестре российских программ №4305)

Software Version

6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 30 (Fedora), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 31 (Fedora), 19.10 (Ubuntu), до 7.2 Муром (РЕД ОС), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), от 2.4.2 до 2.4.8 (point-to-point daemon), 15.1 (openSUSE), 1.0 (ОС ОН «Стрелец»), - (Альт 8 СП), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Установить обновления безопасности для пакета ppp-2.4.7-22 Для ОС ОН «Стрелец»: https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»: обновить пакет ppp до 2.4.7-1+4+deb9u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 Для ОС ОН «Стрелец»: Обновление программного обеспечения ppp до версии 2.4.7-1+4+deb9u1 Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597 https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/ https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html https://nvd.nist.gov/vuln/detail/CVE-2020-8597 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie https://usn.ubuntu.com/4288-1/ https://www.securitylab.ru/news/505625.php https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-120

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Fedora Project, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 30 (Fedora), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 31 (Fedora), 19.10 (Ubuntu), \u0434\u043e 7.2 \u041c\u0443\u0440\u043e\u043c (\u0420\u0415\u0414 \u041e\u0421), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u043e\u0442 2.4.2 \u0434\u043e 2.4.8 (point-to-point daemon), 15.1 (openSUSE), 1.0 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043f\u0430\u043a\u0435\u0442\u0430 ppp-2.4.7-22\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ppp \u0434\u043e 2.4.7-1+4+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f ppp \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.4.7-1+4+deb9u1\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.03.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.03.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01026",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-8597",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, Fedora, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), point-to-point daemon, openSUSE, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 64-bit, Red Hat Inc. Red Hat Enterprise Linux 7 IA-32, Canonical Ltd. Ubuntu 16.04 LTS 32-bit, Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 8 , Fedora Project Fedora 30 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Fedora Project Fedora 31 , Canonical Ltd. Ubuntu 19.10 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 \u0434\u043e 7.2 \u041c\u0443\u0440\u043e\u043c  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Novell Inc. openSUSE 15.1 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb 1.0  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 eap_request \u0438 eap_response \u0434\u0435\u043c\u043e\u043d\u0430 pppd \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 PPP (Point-to-Point Protocol), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430) (CWE-120)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 eap_request \u0438 eap_response \u0434\u0435\u043c\u043e\u043d\u0430 pppd \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 PPP (Point-to-Point Protocol) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e EAP-\u043f\u0430\u043a\u0435\u0442\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597\nhttps://lists.debian.org/debian-lts-announce/2020/02/msg00005.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/\nhttps://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8597\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\nhttps://usn.ubuntu.com/4288-1/\nhttps://www.securitylab.ru/news/505625.php\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-120",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,3)"
}

CERTFR-2020-AVI-325

Vulnerability from certfr_avis - Published: 2020-05-29 - Updated: 2020-05-29

Une vulnérabilité a été découverte dans Hirschmann OWL. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Hirschmann OWL versions antérieures à 06.2.04

References

Title

Publication Time

Tags

Bulletin de sécurité Belden du 27 mai 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Hirschmann OWL versions ant\u00e9rieures \u00e0 06.2.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-8597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8597"
    }
  ],
  "initial_release_date": "2020-05-29T00:00:00",
  "last_revision_date": "2020-05-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-325",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Hirschmann OWL. Elle permet \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Hirschmann OWL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Belden du 27 mai 2020",
      "url": "https://www.belden.com//hubfs/support/security/bulletins/Belden_Security_Bulletin_BSECV-2020-06_1v0.pdf"
    }
  ]
}

CERTFR-2022-AVI-017

Vulnerability from certfr_avis - Published: 2022-01-11 - Updated: 2022-01-11

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Easergy P5, versions antérieures à 01.401.101, se référer aux informations fournies par l'éditeur pour appliquer les mesures de contournement
N/A	N/A	ConneXium Tofino Firewall TCSEFEA23F3F20 et 21, toutes versions. Ces produits ne sont plus maintenus par l'éditeur qui incite fortement à mettre à jour vers la gamme TCSEFA23F3F22
Schneider Electric	N/A	ConneXium Tofino OPC-LSM TCSEFM0000, versions antérieures à 03.23
N/A	N/A	CODESYS V3, vérifier l'avis SEVD-2022-011-06 pour identifier les périphériques utilisant ce système d'exploitation et appliquer les mesures de contournement suggérées par l'éditeur
N/A	N/A	Easergy T300, versions antérieures à 2.7.1
Schneider Electric	N/A	Easergy P3, versions antérieures à 30.205, se référer aux informations fournies par l'éditeur pour appliquer les mesures de contournement
Schneider Electric	N/A	EcoStruxure Power Monitoring Expert 2020, versions antérieures à 2020 CU3 sans le composant Floating License Manager 2.7
Schneider Electric	N/A	ConneXium Tofino Firewall TCSEFEA23F3F22, versions antérieures à 03.23
Schneider Electric	Modicon M340	Modicon M340 Quantum et Premium Quantum CPUs, vérifier l'avis SEVD-2022-011-01 pour identifier les autres systèmes Modicon vulnérables et appliquer les mesures de contournement suggérées par l'éditeur
Schneider Electric	N/A	EcoStruxure Power Monitoring Expert 9.0, toutes versions. Ces produits ne sont plus maintenus par l'éditeur qui incite fortement à mettre à jour vers la gamme Power Monitoring Expert 2021

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2022-011-07 du 11 janvier 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-011-03 du 11 janvier 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-011-04 du 11 janvier 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-011-01 du 11 janvier 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-011-02 du 11 janvier 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-011-05 du 11 janvier 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-011-06 du 11 janvier 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Easergy P5, versions ant\u00e9rieures \u00e0 01.401.101, se r\u00e9f\u00e9rer aux informations fournies par l\u0027\u00e9diteur pour appliquer les mesures de contournement",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ConneXium Tofino Firewall TCSEFEA23F3F20 et 21, toutes versions. Ces produits ne sont plus maintenus par l\u0027\u00e9diteur qui incite fortement \u00e0 mettre \u00e0 jour vers la gamme TCSEFA23F3F22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ConneXium Tofino OPC-LSM TCSEFM0000, versions ant\u00e9rieures \u00e0 03.23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "CODESYS V3, v\u00e9rifier l\u0027avis SEVD-2022-011-06 pour identifier les p\u00e9riph\u00e9riques utilisant ce syst\u00e8me d\u0027exploitation et appliquer les mesures de contournement sugg\u00e9r\u00e9es par l\u0027\u00e9diteur",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Easergy T300, versions ant\u00e9rieures \u00e0 2.7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Easergy P3, versions ant\u00e9rieures \u00e0 30.205, se r\u00e9f\u00e9rer aux informations fournies par l\u0027\u00e9diteur pour appliquer les mesures de contournement",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Power Monitoring Expert 2020, versions ant\u00e9rieures \u00e0 2020 CU3 sans le composant Floating License Manager 2.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "ConneXium Tofino Firewall TCSEFEA23F3F22, versions ant\u00e9rieures \u00e0 03.23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon M340 Quantum et Premium Quantum CPUs, v\u00e9rifier l\u0027avis SEVD-2022-011-01 pour identifier les autres syst\u00e8mes Modicon vuln\u00e9rables et appliquer les mesures de contournement sugg\u00e9r\u00e9es par l\u0027\u00e9diteur",
      "product": {
        "name": "Modicon M340",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Power Monitoring Expert 9.0, toutes versions. Ces produits ne sont plus maintenus par l\u0027\u00e9diteur qui incite fortement \u00e0 mettre \u00e0 jour vers la gamme Power Monitoring Expert 2021",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22723"
    },
    {
      "name": "CVE-2021-21869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21869"
    },
    {
      "name": "CVE-2021-21866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21866"
    },
    {
      "name": "CVE-2021-30066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30066"
    },
    {
      "name": "CVE-2021-30064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30064"
    },
    {
      "name": "CVE-2022-22724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22724"
    },
    {
      "name": "CVE-2019-8963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8963"
    },
    {
      "name": "CVE-2021-30063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30063"
    },
    {
      "name": "CVE-2021-30061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30061"
    },
    {
      "name": "CVE-2021-21863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21863"
    },
    {
      "name": "CVE-2022-22722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22722"
    },
    {
      "name": "CVE-2021-21865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21865"
    },
    {
      "name": "CVE-2020-7534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7534"
    },
    {
      "name": "CVE-2021-21867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21867"
    },
    {
      "name": "CVE-2022-22804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22804"
    },
    {
      "name": "CVE-2021-30062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30062"
    },
    {
      "name": "CVE-2022-22726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22726"
    },
    {
      "name": "CVE-2022-22725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22725"
    },
    {
      "name": "CVE-2021-29241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29241"
    },
    {
      "name": "CVE-2020-8597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8597"
    },
    {
      "name": "CVE-2021-29240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29240"
    },
    {
      "name": "CVE-2022-22727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22727"
    },
    {
      "name": "CVE-2021-21864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21864"
    },
    {
      "name": "CVE-2021-21868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21868"
    },
    {
      "name": "CVE-2021-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30065"
    },
    {
      "name": "CVE-2021-33485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33485"
    }
  ],
  "initial_release_date": "2022-01-11T00:00:00",
  "last_revision_date": "2022-01-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-017",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-07 du 11 janvier 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-03 du 11 janvier 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-04 du 11 janvier 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-01 du 11 janvier 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-02 du 11 janvier 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-05 du 11 janvier 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-06 du 11 janvier 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-06"
    }
  ]
}

CERTFR-2020-AVI-331

Vulnerability from certfr_avis - Published: 2020-06-02 - Updated: 2020-06-02

De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Android	Android toutes versions sans le correctif de sécurité du 01 juin 2020

References

Title

Publication Time

Tags

Bulletin de sécurité Android du 01 juin 2020	None	vendor-advisory
Bulletin de sécurité Pixel du 01 juin 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Android toutes versions sans le correctif de s\u00e9curit\u00e9 du 01 juin 2020",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0197"
    },
    {
      "name": "CVE-2020-0176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0176"
    },
    {
      "name": "CVE-2019-13135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13135"
    },
    {
      "name": "CVE-2020-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0165"
    },
    {
      "name": "CVE-2020-0120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0120"
    },
    {
      "name": "CVE-2019-19529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19529"
    },
    {
      "name": "CVE-2020-0137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0137"
    },
    {
      "name": "CVE-2020-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0206"
    },
    {
      "name": "CVE-2020-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0216"
    },
    {
      "name": "CVE-2020-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0204"
    },
    {
      "name": "CVE-2020-0177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0177"
    },
    {
      "name": "CVE-2020-0194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0194"
    },
    {
      "name": "CVE-2020-0095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0095"
    },
    {
      "name": "CVE-2020-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3660"
    },
    {
      "name": "CVE-2020-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0212"
    },
    {
      "name": "CVE-2020-3658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3658"
    },
    {
      "name": "CVE-2020-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0153"
    },
    {
      "name": "CVE-2020-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0211"
    },
    {
      "name": "CVE-2020-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0234"
    },
    {
      "name": "CVE-2020-3661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3661"
    },
    {
      "name": "CVE-2020-0199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0199"
    },
    {
      "name": "CVE-2020-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0210"
    },
    {
      "name": "CVE-2020-0161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0161"
    },
    {
      "name": "CVE-2017-9704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9704"
    },
    {
      "name": "CVE-2020-0168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0168"
    },
    {
      "name": "CVE-2019-10501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10501"
    },
    {
      "name": "CVE-2019-19543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19543"
    },
    {
      "name": "CVE-2019-10626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10626"
    },
    {
      "name": "CVE-2020-0144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0144"
    },
    {
      "name": "CVE-2020-0233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0233"
    },
    {
      "name": "CVE-2020-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0160"
    },
    {
      "name": "CVE-2019-19526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19526"
    },
    {
      "name": "CVE-2020-0187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0187"
    },
    {
      "name": "CVE-2020-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0167"
    },
    {
      "name": "CVE-2020-0118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0118"
    },
    {
      "name": "CVE-2020-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0179"
    },
    {
      "name": "CVE-2020-3614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3614"
    },
    {
      "name": "CVE-2020-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0145"
    },
    {
      "name": "CVE-2020-0171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0171"
    },
    {
      "name": "CVE-2020-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3642"
    },
    {
      "name": "CVE-2020-0151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0151"
    },
    {
      "name": "CVE-2020-0185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0185"
    },
    {
      "name": "CVE-2020-0115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0115"
    },
    {
      "name": "CVE-2020-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0147"
    },
    {
      "name": "CVE-2020-0113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0113"
    },
    {
      "name": "CVE-2019-19071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19071"
    },
    {
      "name": "CVE-2020-0141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0141"
    },
    {
      "name": "CVE-2019-18683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18683"
    },
    {
      "name": "CVE-2020-0133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0133"
    },
    {
      "name": "CVE-2020-0140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0140"
    },
    {
      "name": "CVE-2019-19767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
    },
    {
      "name": "CVE-2020-0131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0131"
    },
    {
      "name": "CVE-2020-3662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3662"
    },
    {
      "name": "CVE-2020-0139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0139"
    },
    {
      "name": "CVE-2020-0143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0143"
    },
    {
      "name": "CVE-2020-0136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0136"
    },
    {
      "name": "CVE-2020-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0169"
    },
    {
      "name": "CVE-2020-0186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0186"
    },
    {
      "name": "CVE-2020-0132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0132"
    },
    {
      "name": "CVE-2020-0149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0149"
    },
    {
      "name": "CVE-2019-2219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2219"
    },
    {
      "name": "CVE-2020-0172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0172"
    },
    {
      "name": "CVE-2020-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0156"
    },
    {
      "name": "CVE-2020-0158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0158"
    },
    {
      "name": "CVE-2020-3676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3676"
    },
    {
      "name": "CVE-2020-0124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0124"
    },
    {
      "name": "CVE-2020-0203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0203"
    },
    {
      "name": "CVE-2020-0142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0142"
    },
    {
      "name": "CVE-2020-8648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
    },
    {
      "name": "CVE-2020-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3635"
    },
    {
      "name": "CVE-2020-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0232"
    },
    {
      "name": "CVE-2020-0116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0116"
    },
    {
      "name": "CVE-2020-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0215"
    },
    {
      "name": "CVE-2020-8428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8428"
    },
    {
      "name": "CVE-2020-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0154"
    },
    {
      "name": "CVE-2020-0134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0134"
    },
    {
      "name": "CVE-2020-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0164"
    },
    {
      "name": "CVE-2019-14080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14080"
    },
    {
      "name": "CVE-2019-17666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
    },
    {
      "name": "CVE-2020-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0155"
    },
    {
      "name": "CVE-2020-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0217"
    },
    {
      "name": "CVE-2020-0163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0163"
    },
    {
      "name": "CVE-2020-0170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0170"
    },
    {
      "name": "CVE-2020-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0114"
    },
    {
      "name": "CVE-2020-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0235"
    },
    {
      "name": "CVE-2020-0191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0191"
    },
    {
      "name": "CVE-2020-0188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0188"
    },
    {
      "name": "CVE-2019-14092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14092"
    },
    {
      "name": "CVE-2020-0127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0127"
    },
    {
      "name": "CVE-2020-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0213"
    },
    {
      "name": "CVE-2020-0196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0196"
    },
    {
      "name": "CVE-2020-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0193"
    },
    {
      "name": "CVE-2020-0126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0126"
    },
    {
      "name": "CVE-2020-0121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0121"
    },
    {
      "name": "CVE-2019-10597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10597"
    },
    {
      "name": "CVE-2019-14076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14076"
    },
    {
      "name": "CVE-2020-0181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0181"
    },
    {
      "name": "CVE-2020-0135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0135"
    },
    {
      "name": "CVE-2019-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14062"
    },
    {
      "name": "CVE-2020-0183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0183"
    },
    {
      "name": "CVE-2020-0117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0117"
    },
    {
      "name": "CVE-2020-3628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3628"
    },
    {
      "name": "CVE-2020-0148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0148"
    },
    {
      "name": "CVE-2020-0166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0166"
    },
    {
      "name": "CVE-2019-14073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14073"
    },
    {
      "name": "CVE-2020-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0208"
    },
    {
      "name": "CVE-2020-0162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0162"
    },
    {
      "name": "CVE-2019-14047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14047"
    },
    {
      "name": "CVE-2020-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0207"
    },
    {
      "name": "CVE-2019-9460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9460"
    },
    {
      "name": "CVE-2020-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0200"
    },
    {
      "name": "CVE-2020-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0190"
    },
    {
      "name": "CVE-2019-14094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14094"
    },
    {
      "name": "CVE-2020-0173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0173"
    },
    {
      "name": "CVE-2020-0152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0152"
    },
    {
      "name": "CVE-2020-0138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0138"
    },
    {
      "name": "CVE-2020-0195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0195"
    },
    {
      "name": "CVE-2020-8647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
    },
    {
      "name": "CVE-2020-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0128"
    },
    {
      "name": "CVE-2020-0219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0219"
    },
    {
      "name": "CVE-2020-0184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0184"
    },
    {
      "name": "CVE-2020-0223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0223"
    },
    {
      "name": "CVE-2020-0180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0180"
    },
    {
      "name": "CVE-2020-0125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0125"
    },
    {
      "name": "CVE-2020-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0209"
    },
    {
      "name": "CVE-2020-0198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0198"
    },
    {
      "name": "CVE-2019-18786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18786"
    },
    {
      "name": "CVE-2020-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0119"
    },
    {
      "name": "CVE-2020-0175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0175"
    },
    {
      "name": "CVE-2020-0129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0129"
    },
    {
      "name": "CVE-2020-8597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8597"
    },
    {
      "name": "CVE-2019-16275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16275"
    },
    {
      "name": "CVE-2020-3665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3665"
    },
    {
      "name": "CVE-2020-0182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0182"
    },
    {
      "name": "CVE-2020-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0205"
    },
    {
      "name": "CVE-2020-3626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3626"
    },
    {
      "name": "CVE-2020-0192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0192"
    },
    {
      "name": "CVE-2019-14091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14091"
    },
    {
      "name": "CVE-2020-0150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0150"
    },
    {
      "name": "CVE-2020-0189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0189"
    },
    {
      "name": "CVE-2020-0178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0178"
    },
    {
      "name": "CVE-2020-0202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0202"
    },
    {
      "name": "CVE-2020-0157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0157"
    },
    {
      "name": "CVE-2020-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0146"
    },
    {
      "name": "CVE-2020-3663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3663"
    },
    {
      "name": "CVE-2020-0214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0214"
    },
    {
      "name": "CVE-2020-0174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0174"
    },
    {
      "name": "CVE-2020-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0159"
    },
    {
      "name": "CVE-2020-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0218"
    },
    {
      "name": "CVE-2019-13136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13136"
    },
    {
      "name": "CVE-2020-0201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0201"
    }
  ],
  "initial_release_date": "2020-06-02T00:00:00",
  "last_revision_date": "2020-06-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-331",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Android du 01 juin 2020",
      "url": "https://source.android.com/security/bulletin/2020-06-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Pixel du 01 juin 2020",
      "url": "https://source.android.com/security/bulletin/pixel/2020-06-01"
    }
  ]
}

CERTFR-2020-AVI-494

Vulnerability from certfr_avis - Published: 2020-08-11 - Updated: 2020-08-11

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Desigo CC versions V3.x sans le dernier correctif de sécurité
Siemens	N/A	Automation License Manager versions antérieures à V6.0.8
Siemens	N/A	microgiciel SICAM WEB pour SICAM A8000 RTUs versions antérieures à V05.30
Siemens	N/A	Desigo CC Compact versions V3.x sans le dernier correctif de sécurité
Siemens	N/A	Desigo CC Compact versions V4.x sans le dernier correctif de sécurité
Siemens	N/A	RUGGEDCOM RM1224 versions antérieures à 6.3
Siemens	N/A	Desigo CC versions V4.x sans le dernier correctif de sécurité
Siemens	N/A	SIMATIC RF650M
Siemens	N/A	SIMOTICS CONNECT 400
Siemens	N/A	SIMATIC RF350M
Siemens	N/A	SCALANCE M-800 / S615 versions antérieures à 6.3

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-370042 du 11 août 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-809841 du 11 août 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-786743 du 11 août 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-388646 du 11 août 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-712518 du 11 août 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Desigo CC versions V3.x sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Automation License Manager versions ant\u00e9rieures \u00e0 V6.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "microgiciel SICAM WEB pour SICAM A8000 RTUs versions ant\u00e9rieures \u00e0 V05.30",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo CC Compact versions V3.x sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo CC Compact versions V4.x sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RM1224 versions ant\u00e9rieures \u00e0 6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo CC versions V4.x sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF650M",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTICS CONNECT 400",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF350M",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M-800 / S615 versions ant\u00e9rieures \u00e0 6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7583"
    },
    {
      "name": "CVE-2019-15126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15126"
    },
    {
      "name": "CVE-2020-8597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8597"
    },
    {
      "name": "CVE-2020-15781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15781"
    },
    {
      "name": "CVE-2020-10055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10055"
    }
  ],
  "initial_release_date": "2020-08-11T00:00:00",
  "last_revision_date": "2020-08-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-494",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-08-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-370042 du 11 ao\u00fbt 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-809841 du 11 ao\u00fbt 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-786743 du 11 ao\u00fbt 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-786743.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-388646 du 11 ao\u00fbt 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-712518 du 11 ao\u00fbt 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
    }
  ]
}

CNVD-2020-09603

Vulnerability from cnvd - Published: 2020-02-13

Title

PPP缓冲区溢出漏洞

Description

PPP是建立点对点直接连接的数据链接协议。 PPP 2.4.2版本至2.4.8版本中的‘eap_request’和‘eap_response ’函数存在缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。

Severity

高

Patch Name

PPP缓冲区溢出漏洞的补丁

Patch Description

PPP是建立点对点直接连接的数据链接协议。 PPP 2.4.2版本至2.4.8版本中的‘eap_request’和‘eap_response ’函数存在缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作，攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-8597

Impacted products

Name
Ppp ppp >=2.4.2，<=2.4.8

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8597",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597"
    }
  },
  "description": "PPP\u662f\u5efa\u7acb\u70b9\u5bf9\u70b9\u76f4\u63a5\u8fde\u63a5\u7684\u6570\u636e\u94fe\u63a5\u534f\u8bae\u3002\n\nPPP 2.4.2\u7248\u672c\u81f32.4.8\u7248\u672c\u4e2d\u7684\u2018eap_request\u2019\u548c\u2018eap_response \u2019\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-09603",
  "openTime": "2020-02-13",
  "patchDescription": "PPP\u662f\u5efa\u7acb\u70b9\u5bf9\u70b9\u76f4\u63a5\u8fde\u63a5\u7684\u6570\u636e\u94fe\u63a5\u534f\u8bae\u3002\r\n\r\nPPP 2.4.2\u7248\u672c\u81f32.4.8\u7248\u672c\u4e2d\u7684\u2018eap_request\u2019\u548c\u2018eap_response \u2019\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PPP\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Ppp ppp \u003e=2.4.2\uff0c\u003c=2.4.8"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-8597",
  "serverity": "\u9ad8",
  "submitTime": "2020-02-03",
  "title": "PPP\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

GHSA-GW8R-XFQW-VW42

Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2025-12-03 18:30

Details

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-8597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-03T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.",
  "id": "GHSA-gw8r-xfqw-vw42",
  "modified": "2025-12-03T18:30:19Z",
  "published": "2022-05-24T17:08:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8597"
    },
    {
      "type": "WEB",
      "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_02"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/782301"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4632"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4288-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4288-1"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200313-0004"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-19"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0634"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0633"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0631"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0630"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Mar/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2020-8597

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Aliases

CVE-2020-8597

Aliases

CVE-2020-8597

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-8597",
    "description": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.",
    "id": "GSD-2020-8597",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-8597.html",
      "https://www.debian.org/security/2020/dsa-4632",
      "https://access.redhat.com/errata/RHSA-2020:0634",
      "https://access.redhat.com/errata/RHSA-2020:0633",
      "https://access.redhat.com/errata/RHSA-2020:0631",
      "https://access.redhat.com/errata/RHSA-2020:0630",
      "https://ubuntu.com/security/CVE-2020-8597",
      "https://advisories.mageia.org/CVE-2020-8597.html",
      "https://security.archlinux.org/CVE-2020-8597",
      "https://alas.aws.amazon.com/cve/html/CVE-2020-8597.html",
      "https://linux.oracle.com/cve/CVE-2020-8597.html",
      "https://packetstormsecurity.com/files/cve/CVE-2020-8597"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-8597"
      ],
      "details": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.",
      "id": "GSD-2020-8597",
      "modified": "2023-12-13T01:21:53.529296Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-8597",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426",
            "refsource": "MISC",
            "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
          },
          {
            "name": "[debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"
          },
          {
            "name": "DSA-4632",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4632"
          },
          {
            "name": "RHSA-2020:0631",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0631"
          },
          {
            "name": "RHSA-2020:0634",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0634"
          },
          {
            "name": "RHSA-2020:0633",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0633"
          },
          {
            "name": "RHSA-2020:0630",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0630"
          },
          {
            "name": "openSUSE-SU-2020:0286",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"
          },
          {
            "name": "USN-4288-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4288-1/"
          },
          {
            "name": "VU#782301",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/782301"
          },
          {
            "name": "20200306 Buffer overflow in pppd - CVE-2020-8597",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Mar/6"
          },
          {
            "name": "FEDORA-2020-571091c70b",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"
          },
          {
            "name": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"
          },
          {
            "name": "https://www.synology.com/security/advisory/Synology_SA_20_02",
            "refsource": "CONFIRM",
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_02"
          },
          {
            "name": "FEDORA-2020-4304397fe0",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20200313-0004/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20200313-0004/"
          },
          {
            "name": "GLSA-202003-19",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202003-19"
          },
          {
            "name": "USN-4288-2",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4288-2/"
          },
          {
            "name": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html"
          },
          {
            "name": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136",
            "refsource": "CONFIRM",
            "url": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"
          },
          {
            "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04",
            "refsource": "MISC",
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4.8",
                "versionStartIncluding": "2.4.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:pfc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "03.04.10\\(16\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-8597"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-120"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
            },
            {
              "name": "[debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"
            },
            {
              "name": "DSA-4632",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4632"
            },
            {
              "name": "RHSA-2020:0631",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0631"
            },
            {
              "name": "openSUSE-SU-2020:0286",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"
            },
            {
              "name": "RHSA-2020:0633",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0633"
            },
            {
              "name": "RHSA-2020:0634",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0634"
            },
            {
              "name": "RHSA-2020:0630",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0630"
            },
            {
              "name": "USN-4288-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4288-1/"
            },
            {
              "name": "VU#782301",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/782301"
            },
            {
              "name": "20200306 Buffer overflow in pppd - CVE-2020-8597",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Mar/6"
            },
            {
              "name": "FEDORA-2020-571091c70b",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"
            },
            {
              "name": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_20_02",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_02"
            },
            {
              "name": "FEDORA-2020-4304397fe0",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200313-0004/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200313-0004/"
            },
            {
              "name": "GLSA-202003-19",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202003-19"
            },
            {
              "name": "USN-4288-2",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4288-2/"
            },
            {
              "name": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html"
            },
            {
              "name": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-05-05T17:48Z",
      "publishedDate": "2020-02-03T23:15Z"
    }
  }
}

FKIE_CVE-2020-8597

Vulnerability from fkie_nvd - Published: 2020-02-03 23:15 - Updated: 2025-12-03 16:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html	Mailing List, Third Party Advisory
cve@mitre.org	http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2020/Mar/6	Mailing List, Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2020:0630	Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2020:0631	Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2020:0633	Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2020:0634	Third Party Advisory
cve@mitre.org	https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf	Third Party Advisory
cve@mitre.org	https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426	Patch, Third Party Advisory
cve@mitre.org	https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136	Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/
cve@mitre.org	https://security.gentoo.org/glsa/202003-19	Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20200313-0004/	Third Party Advisory
cve@mitre.org	https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04	Third Party Advisory, US Government Resource
cve@mitre.org	https://usn.ubuntu.com/4288-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4288-2/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2020/dsa-4632	Third Party Advisory
cve@mitre.org	https://www.kb.cert.org/vuls/id/782301	Third Party Advisory, US Government Resource
cve@mitre.org	https://www.synology.com/security/advisory/Synology_SA_20_02	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Mar/6	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0630	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0631	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0633	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0634	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202003-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200313-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4288-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4288-2/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4632	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/782301	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.synology.com/security/advisory/Synology_SA_20_02	Third Party Advisory

Impacted products

Vendor	Product	Version
point-to-point_protocol_project	point-to-point_protocol	*
wago	pfc_firmware	*
wago	pfc100	-
wago	pfc200	-
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FFBFCB-AFCE-4EE3-BA1E-5E0D0D60FFC1",
              "versionEndIncluding": "2.4.8",
              "versionStartIncluding": "2.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:pfc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C3DA645-3F47-4B59-B56B-AB16431D0950",
              "versionEndExcluding": "03.04.10\\(16\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F636354-95A2-4B36-9666-1FA57F185432",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions."
    },
    {
      "lang": "es",
      "value": "El archivo eap.c en pppd en ppp versiones 2.4.2 hasta 2.4.8, presenta un desbordamiento del b\u00fafer de rhostname en las funciones eap_request y eap_response."
    }
  ],
  "id": "CVE-2020-8597",
  "lastModified": "2025-12-03T16:15:54.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-02-03T23:15:11.387",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Mar/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0630"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0631"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0633"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0634"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-19"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200313-0004/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4288-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4288-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4632"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/782301"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Mar/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0634"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200313-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4288-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4288-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/782301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_02"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2020-8597

Vulnerability from osv_almalinux

Published

2020-02-27 14:59

Modified

2021-08-11 08:54

Summary

Important: ppp security update

Details

The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line.

Security Fix(es):

ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "ppp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.7-26.el8_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "ppp-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.7-26.el8_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line.\n\nSecurity Fix(es):\n\n* ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2020:0633",
  "modified": "2021-08-11T08:54:00Z",
  "published": "2020-02-27T14:59:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2020-0633.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-8597"
    }
  ],
  "related": [
    "CVE-2020-8597"
  ],
  "summary": "Important: ppp security update"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-8597 (GCVE-0-2020-8597)

Solution

Solution

Solution

Solution

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature