CVE-2014-3158

EPSS 1.5%

ppp - security update

發布日:2014/11/15修改日:2026/4/28

也稱為:DEBIAN-CVE-2014-3158

描述

Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables."

受影響套件(3)

Debian/pppfrom 0, < 2.4.6-3
Debian/pppfrom 0, < 2.4.5-4+deb6u1
Debian/pppfrom 0, < 2.4.5-5.1+deb7u1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3158