CVE-2024-58250Untrusted Search Path in Samba PPP

CWE-426Untrusted Search Path4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
0.1%
top 72.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samba PPPDebian PPP
Timeline
PublishedApr 22

Description

The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.5 | Impact: 6.0

Affected Packages3 packages

CVEListV5samba/ppp< 2.5.2
debiandebian/ppp< ppp 2.5.2-1+1 (forky)
Debiansamba/ppp< 2.5.2-1+1+1

🔴Vulnerability Details

2
OSV
CVE-2024-58250: The passprompt plugin in pppd in ppp before 22025-04-22
GHSA
GHSA-v77v-qh6r-74qh: The passprompt plugin in pppd in ppp before 22025-04-22

📋Vendor Advisories

1
Debian
CVE-2024-58250: ppp - The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.2024