CVE-2022-4603

MEDIUM 4.3

ppp pppdump pppdump.c dumpppp array index

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.

CWE	CWE-119
Vendor	unspecified
Product	ppp
Published	Dec 18, 2022
Last Updated	Aug 3, 2024

Stay Ahead of the Next One

Get instant alerts for unspecified ppp

Be the first to know when new medium vulnerabilities affecting unspecified ppp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected Versions

unspecified / ppp

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/ppp-project/ppp/commit/a75fb7b198eed50d769c80c36629f38346882cbf vuldb.com: https://vuldb.com/?id.216198 lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J43NP7ABHOCIWOFHWCH6ZCZOYKZH6723/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/J43NP7ABHOCIWOFHWCH6ZCZOYKZH6723/