CVE-2014-3158

EPSS 1.5%

ppp - security update

Published: 11/15/2014Modified: 4/28/2026

Description

Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables."

Affected packages (3)

Debian/pppfrom 0, < 2.4.6-3
Debian/pppfrom 0, < 2.4.5-4+deb6u1
Debian/pppfrom 0, < 2.4.5-5.1+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3158