CWE
119 120
Advisory Published
CVE Published
Updated

CVE-2020-8597: Buffer Overflow

First published: Mon Feb 03 2020(Updated: )

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
debian/ppp<=2.4.7-2+4.1<=2.4.7-1+4
2.4.8-1+1~exp1
2.4.7-2+4.1+deb10u1
2.4.7-1+4+deb9u1
Point-to-point Protocol Project Point-to-point Protocol>=2.4.2<=2.4.8
Wago Pfc Firmware<03.04.10\(16\)
WAGO PFC100
WAGO PFC200
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
All of
Wago Pfc Firmware<03.04.10\(16\)
Any of
WAGO PFC100
WAGO PFC200
Google Android
Siemens RUGGEDCOM RM1224<6.3
6.3
Siemens SCALANCE M-800 / S615<6.3
6.3
ubuntu/ppp<2.4.7-2+2ubuntu1.2
2.4.7-2+2ubuntu1.2
ubuntu/ppp<2.4.7-2+4.1ubuntu4.1
2.4.7-2+4.1ubuntu4.1
ubuntu/ppp<2.4.7-2+4.1ubuntu5
2.4.7-2+4.1ubuntu5
ubuntu/ppp<2.4.7-2+4.1ubuntu5
2.4.7-2+4.1ubuntu5
ubuntu/ppp<2.4.7-2+4.1ubuntu5
2.4.7-2+4.1ubuntu5
ubuntu/ppp<2.4.7-2+4.1ubuntu5
2.4.7-2+4.1ubuntu5
ubuntu/ppp<2.4.7-2+4.1ubuntu5
2.4.7-2+4.1ubuntu5
ubuntu/ppp<2.4.7-2+4.1ubuntu5
2.4.7-2+4.1ubuntu5
ubuntu/ppp<2.4.7-2+4.1ubuntu5
2.4.7-2+4.1ubuntu5
ubuntu/ppp<2.4.7-2+4.1ubuntu5
2.4.7-2+4.1ubuntu5
ubuntu/ppp<2.4.7-2+4.1ubuntu5
2.4.7-2+4.1ubuntu5
ubuntu/ppp<2.4.5-5.1ubuntu2.3+
2.4.5-5.1ubuntu2.3+
ubuntu/ppp<2.4.7-1+2ubuntu1.16.04.2
2.4.7-1+2ubuntu1.16.04.2
debian/lwip
2.1.2+dfsg1-8+deb11u1
2.1.3+dfsg1-2
2.2.0+dfsg1-7
debian/ppp
2.4.9-1+1
2.4.9-1+1.1
2.5.0-1+2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the vulnerability ID?

    The vulnerability ID is CVE-2020-8597.

  • What is the severity of CVE-2020-8597?

    The severity of CVE-2020-8597 is critical with a severity value of 9.8.

  • What is the affected software?

    The affected software includes ppp versions 2.4.2 through 2.4.8 on Debian and Ubuntu systems, lwip on Debian systems, and Android devices.

  • How can I fix the vulnerability in pppd?

    To fix the vulnerability in pppd, update to version 2.4.9-1+1 or later on Debian systems, and follow the recommended updates for Ubuntu and Android devices.

  • Where can I find more information about CVE-2020-8597?

    You can find more information about CVE-2020-8597 at the following references: [Link 1](https://android.googlesource.com/platform/external/ppp/+/f9fec5c36952301e585a420f31e96d35a60d0498), [Link 2](https://source.android.com/docs/security/bulletin/2020-06-01), [Link 3](https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203