The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered.
References
Link | Resource |
---|---|
https://github.com/accel-ppp/accel-ppp/pull/35 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GovTech CSG
Published: 2022-02-10T00:00:00
Updated: 2022-02-14T21:04:29
Reserved: 2022-02-10T00:00:00
Link: CVE-2022-24704
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-14T22:15:08.230
Modified: 2022-02-19T04:16:51.300
Link: CVE-2022-24704
JSON object: View
Redhat Information
No data.
CWE