Vulnerability Details : CVE-2020-28194
A variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute whose length field is less than 2. It has an impact only when the attacker controls the RADIUS server, in which case it can lead to arbitrary code execution.
Products affected by CVE-2020-28194
- cpe:2.3:a:accel-ppp:accel-ppp:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-28194
- EPSS score: 0.34% (probability of exploitation activity in the next 30 days)
- Percentile: ~72% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-28194
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2020-28194
- The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-28194
- https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr
  Unchecked radius vendor-specfic attribute · Advisory · accel-ppp/accel-ppp · GitHub (Patch; Third Party Advisory)
- https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69
  radius: sanity check for vendor attribute length · accel-ppp/accel-ppp@e9d369a · GitHub (Patch; Third Party Advisory)