{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-10T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to \"access privileged options\" via a long word in an options file, which triggers a heap-based buffer overflow that \"[corrupts] security-relevant variables.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-18T21:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "USN-2429-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2429-1"}, {"name": "[linux-ppp] 20140810 ppp-2.4.7 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=linux-ppp&m=140764978420764"}, {"name": "MDVSA-2015:135", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:135"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128748"}, {"name": "FEDORA-2014-9412", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html"}, {"name": "DSA-3079", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3079"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0368.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2014-3158", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to \"access privileged options\" via a long word in an options file, which triggers a heap-based buffer overflow that \"[corrupts] security-relevant variables.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2429-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2429-1"}, {"name": "[linux-ppp] 20140810 ppp-2.4.7 released", "refsource": "MLIST", "url": "http://marc.info/?l=linux-ppp&m=140764978420764"}, {"name": "MDVSA-2015:135", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:135"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1128748", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128748"}, {"name": "FEDORA-2014-9412", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html"}, {"name": "DSA-3079", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3079"}, {"name": "http://advisories.mageia.org/MGASA-2014-0368.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0368.html"}, {"name": "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb", "refsource": "CONFIRM", "url": "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:35:56.933Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2429-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2429-1"}, {"name": "[linux-ppp] 20140810 ppp-2.4.7 released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=linux-ppp&m=140764978420764"}, {"name": "MDVSA-2015:135", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:135"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128748"}, {"name": "FEDORA-2014-9412", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html"}, {"name": "DSA-3079", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3079"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0368.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2014-3158", "datePublished": "2014-11-15T21:00:00", "dateReserved": "2014-05-03T00:00:00", "dateUpdated": "2024-08-06T10:35:56.933Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:*:*:*:*:*:*:*:*", "matchCriteriaId": "B82DE957-F0F3-4989-82DC-85712A8D8E44", "versionEndIncluding": "2.4.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to \"access privileged options\" via a long word in an options file, which triggers a heap-based buffer overflow that \"[corrupts] security-relevant variables.\""}, {"lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n en options.c en pppd en Paul's PPP Package (ppp) anterior a 2.4.7 permite a atacantes el 'Acceso a opciones privilegiadas' a trav\u00e9s de una palabra larga en el archivo de opciones, que provoca un desbordamiento de buffer basado en memoria din\u00e1mica que '(corrompe) las variables relevantes para la seguridad'."}], "id": "CVE-2014-3158", "lastModified": "2024-11-21T02:07:33.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-15T21:59:00.117", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://advisories.mageia.org/MGASA-2014-0368.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://marc.info/?l=linux-ppp&m=140764978420764"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2014/dsa-3079"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:135"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2429-1"}, {"source": "chrome-cve-admin@google.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128748"}, {"source": "chrome-cve-admin@google.com", "url": "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0368.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=linux-ppp&m=140764978420764"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3079"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:135"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2429-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128748"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ppp: integer overflow in option parsing", "id": "1128748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128748"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-190", "details": ["Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to \"access privileged options\" via a long word in an options file, which triggers a heap-based buffer overflow that \"[corrupts] security-relevant variables.\""], "name": "CVE-2014-3158", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "ppp", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ppp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "ppp", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-08-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3158\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3158"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of ppp as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/clasification/.", "threat_severity": "Moderate", "upstream_fix": "ppp 2.4.7"}