CVE-2020-8597 - log

CVE-2020-8597 edited at 07 Mar 2020 14:29:59
References
https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html
+ https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
+ https://seclists.org/fulldisclosure/2020/Mar/6
CVE-2020-8597 edited at 07 Mar 2020 14:29:24
Description
- eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
+ A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. Data confidentiality and integrity, as well as system availability, are all at risk with this vulnerability.
CVE-2020-8597 created at 20 Feb 2020 17:19:18
Severity
+ Medium
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
References
+ https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html
Notes