What is the vulnerability ID of this vulnerability?

The vulnerability ID of this vulnerability is CVE-2022-4603.

What is the affected software?

The affected software is Samba Ppp version up to and excluding 2.5.0 on Linux and Solaris operating systems.

What is the severity of CVE-2022-4603?

The severity of CVE-2022-4603 is high with a CVSS score of 8.8.

How does CVE-2022-4603 impact the system?

CVE-2022-4603 allows an attacker to manipulate the argument leading to improper validation of array index.

Are there any known fix or mitigation for CVE-2022-4603?

At the moment, there is no known fix or mitigation for CVE-2022-4603. It is recommended to stay updated with the latest security patches and follow best security practices.

Vulnerability/
CVE-2022-4603

high

8.8

CWE

119 129

18/12/2022

17/5/2024

CVE-2022-4603: ppp pppdump pppdump.c dumpppp array index

First published: Sun Dec 18 2022(Updated: )

** DISPUTED ** A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.

Credit: cna@vuldb.com cna@vuldb.com

Affected Software	Affected Version	How to fix
	<2.5.0
	<2.5.0
Samba Ppp	<2.5.0
Samba Ppp	<2.5.0

Remedy

https://github.com/ppp-project/ppp/commit/a75fb7b198eed50d769c80c36629f38346882cbf

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2022-4603.
What is the affected software?
The affected software is Samba Ppp version up to and excluding 2.5.0 on Linux and Solaris operating systems.
What is the severity of CVE-2022-4603?
The severity of CVE-2022-4603 is high with a CVSS score of 8.8.
How does CVE-2022-4603 impact the system?
CVE-2022-4603 allows an attacker to manipulate the argument leading to improper validation of array index.
Are there any known fix or mitigation for CVE-2022-4603?
At the moment, there is no known fix or mitigation for CVE-2022-4603. It is recommended to stay updated with the latest security patches and follow best security practices.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/status
agent/tags
agent/title
agent/type
agent/weakness
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/nvd-index
vendor/samba
canonical/samba ppp
status/disputed

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.