CVE-2020-8597

Source
Severity: Medium
Remote: Yes
Type: Arbitrary code execution
Description
A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions, which could allow a buffer overflow to occur. Data confidentiality and integrity, as well as system availability, are all at risk with this vulnerability.
Group | Package | Affected | Fixed | Severity | Status | Ticket
AVG-1101 | ppp | 2.4.7-6 | 2.4.7-7 | Medium | Fixed |

Date | Advisory | Group | Package | Severity | Type
07 Mar 2020 | ASA-202003-3 | AVG-1101 | ppp | Medium | arbitrary code execution
References
https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
https://seclists.org/fulldisclosure/2020/Mar/6