Approved changes feed: RSS · Atom
cpe:2.3:a:accel-ppp:accel-ppp:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Accel Ppp (89543f0d-8df4-535d-b69e-3c7887656ff7) |
|---|---|
| Product | Accel Ppp (ac9a824c-90e4-51b5-b98b-a018f6b9647a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/accel-ppp/accel-ppp |
purl2cpe | 2026-06-01 10:11:24.181289 |
pkg:github/drdaeman/accel-ppp |
purl2cpe | 2026-06-01 10:11:24.181293 |
pkg:github/xebd/accel-ppp |
purl2cpe | 2026-06-01 10:11:24.181295 |
pkg:rpm/opensuse/accel-ppp |
purl2cpe | 2026-06-01 10:11:24.181298 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-24705 |
vulnerable | 2026-06-03 14:46:30.995862 |
Buffer Overflow via Crafted Ipv6 Prefix Attribute Type Client Request in accel-ppp v1.12
The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
Published: 2022-02-14T21:04:30.848Z
Updated: 2024-09-16T18:39:19.344Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24704 |
vulnerable | 2026-06-03 14:46:30.995461 |
Buffer Overflow via Crafted IPv6 Addr Attribute Type Client Request in Accel-PPP v1.12
The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered.
Published: 2022-02-14T21:04:29.942Z
Updated: 2024-09-16T19:00:04.606Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0982 |
vulnerable | 2026-06-03 14:45:57.511025 |
Buffer Overflow via crafted client request in Accel-PPP v1.12
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
Published: 2022-03-16T14:04:22.485Z
Updated: 2024-09-17T04:20:24.462Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-28194 |
vulnerable | 2026-06-03 14:42:19.120038 |
Details available
Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.
Published: 2021-02-01T13:13:47.000Z
Updated: 2024-08-04T16:33:58.925Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-15173 |
vulnerable | 2026-06-03 14:41:45.407625 |
Heap buffer overflow in ACCEL-PPP
HIGH (8.2)
In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network it is highly recommended to apply the patch. The problem was patched with commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b As a workaround changes of commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b can be applied to older versions.
Published: 2020-09-09T22:45:13.000Z
Updated: 2024-08-04T13:08:22.404Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.