CVE-2015-3310: Improper Restriction of Operations within the Bounds of a Memory Buffer in PPP

Severity: 4.3 MEDIUM (NVD)
EPSS: 1.5% (top 18.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 24; Latest update Aug 12

Description

Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/ppp < ppp 2.4.6-3.1 (bookworm)
Debian: samba/ppp < 2.4.6-3.1+3

Also affects: Debian Linux 7.0, Ubuntu Linux 12.04, 14.04, 14.10

🔴 Vulnerability Details (2)

GHSA: GHSA-fm2f-v6g4-x3jw: Buffer overflow in the rc_mksid function in plugins/radius/util (2022-05-13)
OSV: CVE-2015-3310: Buffer overflow in the rc_mksid function in plugins/radius/util (2015-04-24)

📋 Vendor Advisories (4)

Microsoft: Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial (2025-08-12)
Ubuntu: ppp vulnerability (2015-05-05)
Red Hat: ppp: buffer overflow in radius plug-in's rc_mksid() (2015-04-13)
Debian: CVE-2015-3310: ppp - Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP ... (2015)

💬 Community (1)

Bugzilla: CVE-2015-3310 ppp: buffer overflow in radius plug-in's rc_mksid() (2015-04-13)