CVE-2020-8597Classic Buffer Overflow in PFC Firmware

CWE-120Classic Buffer Overflow15 documents11 sources
Severity
9.8CRITICALNVD
EPSS
62.8%
top 1.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Lwip Project LwipSamba PPPWago PFC Firmware+9 more
Timeline
PublishedFeb 3
Latest updateMay 24

Description

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages10 packages

debiandebian/ppp< lwip 2.1.2+dfsg1-5 (bookworm)
debiandebian/lwip< lwip 2.1.2+dfsg1-5 (bookworm)
NVDwago/pfc_firmware< 03.04.10\(16\)
Debiansamba/ppp< 2.4.8-1+1+3
Debianlwip_project/lwip< 2.1.2+dfsg1-5+3

Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.04

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-gw8r-xfqw-vw42: eap2022-05-24
OSV
CVE-2020-8597: eap2020-02-03

📋Vendor Advisories

7
CISA ICS
Siemens SCALANCE, RUGGEDCOM2020-08-11
Android
CVE-2020-8597: Android Security Bulletin 2020-06-01 CVE: CVE-2020-8597 Severity: CRITICAL Type: RCE Affected AOSP versions: 82020-06-01
Ubuntu
ppp vulnerability2020-03-02
Ubuntu
ppp vulnerability2020-02-20
Microsoft
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.2020-02-11

🕵️Threat Intelligence

2
Tenable
How COVID-19 Response Is Expanding the Cyberattack Surface2020-03-30
Tenable
CVE-2020-8597: Buffer Overflow Vulnerability in Point-to-Point Protocol Daemon (pppd)2020-03-06

💬Community

3
Bugzilla
CVE-2019-8597 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution2020-09-08
Bugzilla
CVE-2020-8597 ppp: Buffer overflow in the eap_request and eap_response functions in eap.c [fedora-all]2020-02-07
Bugzilla
CVE-2020-8597 ppp: Buffer overflow in the eap_request and eap_response functions in eap.c2020-02-07