Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2014-3158

Published: 15/11/2014 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Point-to-point Protocol Project

Vulnerability Summary

Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) prior to 2.4.7 allows malicious users to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

point-to-point protocol project point-to-point protocol

Vendor Advisories

Debian CVElist Bug Report Logs: ppp: CVE-2014-3158: Integer overflow in option parsing
Debian Bug report logs - #762789 ppp: CVE-2014-3158: Integer overflow in option parsing Package: ppp; Maintainer for ppp is Chris Boot <bootc@debianorg>; Source for ppp is src:ppp (PTS, buildd, popcon) Reported by: Raphael Hertzog <hertzog@debianorg> Date: Thu, 25 Sep 2014 08:12:01 UTC Severity: grave Tags: securi ...
Ubuntu Security Notice: ppp vulnerability
ppp could be made to crash or run programs as an administrator if it opened a specially crafted file ...
Debian Security Advisories: DSA-3079-1 ppp -- security update
A vulnerability was discovered in ppp, an implementation of the Point-to-Point Protocol: an integer overflow in the routine responsible for parsing user-supplied options potentially allows a local attacker to gain root privileges For the stable distribution (wheezy), this problem has been fixed in version 245-51+deb7u1 For the upcoming stable ...

References

CWE-119http://www.ubuntu.com/usn/USN-2429-1http://marc.info/?l=linux-ppp&m=140764978420764http://www.mandriva.com/security/advisories?name=MDVSA-2015:135http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1128748http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.htmlhttp://www.debian.org/security/2014/dsa-3079http://advisories.mageia.org/MGASA-2014-0368.htmlhttps://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cbhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762789https://usn.ubuntu.com/2429-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-codedCVE-2024-27202NULL pointer dereferenceCVE-2024-28075CVE-2024-33608CVE-2024-28889CVE-2024-34572template injectionCVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook