CVE-2022-4603

CVSS V2 None CVSS V3 None

Description

** DISPUTED ** A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.

Overview

CVE ID
CVE-2022-4603

Assigner
cna@vuldb.com

Vulnerability Status
Analyzed

Published Version
2022-12-18T11:15:11

Last Modified Date
2022-12-22T18:42:05

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:samba:ppp::::::linux::*	1	OR		2022-08-03
cpe:2.3:a:samba:ppp::::::solaris::*	1	OR		2022-08-03

References

Reference URL	Reference Tags
https://github.com/ppp-project/ppp/commit/a75fb7b198eed50d769c80c36629f38346882cbf
https://vuldb.com/?id.216198

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-4603
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4603

History

Created	Old Value	New Value	Data Type	Notes
2022-12-19 16:16:16				Added to TrackCVE
2022-12-21 07:03:08	2022-12-18T11:15:11.077	2022-12-18T11:15:11	CVE Published Date	updated
2022-12-21 07:03:08		2022-12-19T02:27:34	CVE Modified Date	updated
2022-12-21 07:03:08	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2022-12-22 19:15:42		2022-12-22T18:42:05	CVE Modified Date	updated
2022-12-22 19:15:42	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2022-12-22 19:15:44			CPE Information	updated