{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-11T18:06:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"}, {"name": "[debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"}, {"name": "DSA-4632", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4632"}, {"name": "RHSA-2020:0631", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0631"}, {"name": "RHSA-2020:0634", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0634"}, {"name": "RHSA-2020:0633", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0633"}, {"name": "RHSA-2020:0630", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0630"}, {"name": "openSUSE-SU-2020:0286", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"}, {"name": "USN-4288-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4288-1/"}, {"name": "VU#782301", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/782301"}, {"name": "20200306 Buffer overflow in pppd - CVE-2020-8597", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Mar/6"}, {"name": "FEDORA-2020-571091c70b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_02"}, {"name": "FEDORA-2020-4304397fe0", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200313-0004/"}, {"name": "GLSA-202003-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-19"}, {"name": "USN-4288-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4288-2/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136"}, {"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8597", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426", "refsource": "MISC", "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"}, {"name": "[debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"}, {"name": "DSA-4632", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4632"}, {"name": "RHSA-2020:0631", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0631"}, {"name": "RHSA-2020:0634", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0634"}, {"name": "RHSA-2020:0633", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0633"}, {"name": "RHSA-2020:0630", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0630"}, {"name": "openSUSE-SU-2020:0286", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"}, {"name": "USN-4288-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4288-1/"}, {"name": "VU#782301", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/782301"}, {"name": "20200306 Buffer overflow in pppd - CVE-2020-8597", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Mar/6"}, {"name": "FEDORA-2020-571091c70b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"}, {"name": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"}, {"name": "https://www.synology.com/security/advisory/Synology_SA_20_02", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_20_02"}, {"name": "FEDORA-2020-4304397fe0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/"}, {"name": "https://security.netapp.com/advisory/ntap-20200313-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200313-0004/"}, {"name": "GLSA-202003-19", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-19"}, {"name": "USN-4288-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4288-2/"}, {"name": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html"}, {"name": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136", "refsource": "CONFIRM", "url": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:03:46.256Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"}, {"name": "[debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"}, {"name": "DSA-4632", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4632"}, {"name": "RHSA-2020:0631", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0631"}, {"name": "RHSA-2020:0634", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0634"}, {"name": "RHSA-2020:0633", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0633"}, {"name": "RHSA-2020:0630", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0630"}, {"name": "openSUSE-SU-2020:0286", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"}, {"name": "USN-4288-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4288-1/"}, {"name": "VU#782301", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/782301"}, {"name": "20200306 Buffer overflow in pppd - CVE-2020-8597", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Mar/6"}, {"name": "FEDORA-2020-571091c70b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_02"}, {"name": "FEDORA-2020-4304397fe0", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200313-0004/"}, {"name": "GLSA-202003-19", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-19"}, {"name": "USN-4288-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4288-2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8597", "datePublished": "2020-02-03T22:58:21", "dateReserved": "2020-02-03T00:00:00", "dateUpdated": "2024-08-04T10:03:46.256Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:*:*:*:*:*:*:*:*", "matchCriteriaId": "44FFBFCB-AFCE-4EE3-BA1E-5E0D0D60FFC1", "versionEndIncluding": "2.4.8", "versionStartIncluding": "2.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:pfc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C3DA645-3F47-4B59-B56B-AB16431D0950", "versionEndExcluding": "03.04.10\\(16\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F636354-95A2-4B36-9666-1FA57F185432", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*", "matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions."}, {"lang": "es", "value": "El archivo eap.c en pppd en ppp versiones 2.4.2 hasta 2.4.8, presenta un desbordamiento del b\u00fafer de rhostname en las funciones eap_request y eap_response."}], "id": "CVE-2020-8597", "lastModified": "2024-11-21T05:39:05.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-03T23:15:11.387", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Mar/6"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0630"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0631"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0633"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0634"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-19"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200313-0004/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4288-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4288-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4632"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/782301"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Mar/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0630"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0631"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0633"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0634"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://kb.netgear.com/000061806/Security-Advisory-for-Unauthenticated-Remote-Buffer-Overflow-Attack-in-PPPD-on-WAC510-PSV-2020-0136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200313-0004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4288-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4288-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4632"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/782301"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_02"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:0631", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "ppp-0:2.4.5-11.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-02-27T00:00:00Z"}, {"advisory": "RHSA-2020:0630", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ppp-0:2.4.5-34.el7_7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-02-27T00:00:00Z"}, {"advisory": "RHSA-2020:0633", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "ppp-0:2.4.7-26.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-02-27T00:00:00Z"}, {"advisory": "RHSA-2020:0633", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "ppp-0:2.4.7-26.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-02-27T00:00:00Z"}, {"advisory": "RHSA-2020:0634", "cpe": "cpe:/o:redhat:rhel_e4s:8.0", "package": "ppp-0:2.4.7-26.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-02-27T00:00:00Z"}], "bugzilla": {"description": "ppp: Buffer overflow in the eap_request and eap_response functions in eap.c", "id": "1800727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800727"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-120", "details": ["eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.", "A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. Data confidentiality and integrity, as well as system availability, are all at risk with this vulnerability."], "mitigation": {"lang": "en:us", "value": "Red Hat is working on providing updates packages which patches this flaw. This flaw can only be mitigated by updating to these package versions. The \"Stack Smashing Protection\" may help mitigate code execution attacks for this flaw and limit its impact to crash only."}, "name": "CVE-2020-8597", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "ppp", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "rp-pppoe", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "rp-pppoe", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "rp-pppoe", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2020-02-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-8597\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8597"], "statement": "The ppp packages distributed with Red Hat Enterprise Linux versions are compiled using gcc's stack-protector feature. The \"Stack Smashing Protection\" may help mitigate code execution attacks for this flaw and limit its impact to crash only.", "threat_severity": "Important"}