Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Heap buffer overflow in ACCEL-PPP
Vulnerability Description
In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network it is highly recommended to apply the patch. The problem was patched with commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b As a workaround changes of commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b can be applied to older versions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Vulnerability Title
ACCEL-PPP 缓冲区错误漏洞
Vulnerability Description
ACCEL-PPP中存在缓冲区错误漏洞。该漏洞源于接收到一个带有AVP的L2TP控制包时,会出现缓冲区溢出。
CVSS Information
N/A
Vulnerability Type
N/A