CVE-2020-8597

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-8597
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8597.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-8597
Downstream
Related
Published
2020-02-03T23:15:11.387Z
Modified
2026-03-15T22:38:36.157050Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions.

References

Affected packages

Git / github.com/paulusmack/ppp

Affected ranges

Type
GIT
Repo
https://github.com/paulusmack/ppp
Events
Introduced
47e865d8d20259857f96a573c8a3f18b27925d7e
Last affected
78cd384ce0f48bb5edb84e4fe9a574eab4a4ad14
Database specific 
{
    "versions": [
        {
            "introduced": "2.4.2"
        },
        {
            "last_affected": "2.4.8"
        }
    ]
}
Type
GIT
Repo
https://github.com/ppp-project/ppp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8d7970b8f3db727fe798b65f3377fe6787575426

Affected versions

ppp-2.*
ppp-2.0.4
ppp-2.1.1
ppp-2.1.2
ppp-2.2
ppp-2.3.0
ppp-2.3.1
ppp-2.3.10
ppp-2.3.11
ppp-2.3.2
ppp-2.3.3
ppp-2.3.4
ppp-2.3.5
ppp-2.3.6
ppp-2.3.7
ppp-2.3.8
ppp-2.3.9
ppp-2.4.0
ppp-2.4.1
ppp-2.4.2
ppp-2.4.3
ppp-2.4.4
ppp-2.4.5
ppp-2.4.6
ppp-2.4.7
ppp-2.4.8
v2.*
v2.0.4
v2.1.1
v2.1.2
v2.2
v2.3.0
v2.3.1
v2.3.10
v2.3.11
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "03.04.10\\(16\\)"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.04"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8597.json"
vanir_signatures 
[
    {
        "id": "CVE-2020-8597-c6718d2e",
        "digest": {
            "line_hashes": [
                "8699045395222809821525703277737619786",
                "292496779373962596035831255329665227367",
                "48074617099796428185979187632482703117",
                "71461733246980172279550421003972967472",
                "248727923961049345348254177514247989885",
                "292496779373962596035831255329665227367",
                "48074617099796428185979187632482703117",
                "71461733246980172279550421003972967472"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/ppp-project/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "pppd/eap.c"
        }
    }
]