CVE-2022-24705— Buffer Overflow via Crafted Ipv6 Prefix Attribute Type Client Request in accel-ppp v1.12
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-24705
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Buffer Overflow via Crafted Ipv6 Prefix Attribute Type Client Request in accel-ppp v1.12
Source: NVD (National Vulnerability Database)
Vulnerability Description
The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Accel-Ppp 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Accel-Ppp是一个适用于 Linux 的高性能 Pptp/L2tp/Pppoe/Ipoe 服务器。 accel-ppp存在安全漏洞,该漏洞源于radius packet.c中的rad packet recv函数存在memcpy缓冲区溢出,如果服务器与恶意客户端连接,精心制作的客户端请求可以远程触发此漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| https://accel-ppp.org/ | accel-ppp | 1.12 ~ 1.12 | - |
II. Public POCs for CVE-2022-24705
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-24705
请登录查看更多情报信息。
- https://github.com/accel-ppp/accel-ppp/pull/35x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-24705
IV. Related Vulnerabilities
V. Comments for CVE-2022-24705
No comments yet