CVE-2022-4603

A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary | 4.3 MEDIUM | ADJACENT_NETWORK | HIGH | LOW | CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

EPSS Score
Percentile: 36%
Affected Products (NVD)
Vendor | Product | Version
samba | ppp | 𝑥 < 2.5.0

𝑥 = Vulnerable software versions
Debian Releases
Debian Product | Codename | Status
ppp | bookworm | unimportant
ppp | bullseye | unimportant
ppp | sid | unimportant
ppp | trixie | unimportant
Ubuntu Releases
Ubuntu Product | Codename | Status
ppp | bionic | not-affected
ppp | focal | not-affected
ppp | jammy | not-affected
ppp | kinetic | not-affected
ppp | trusty | not-affected
ppp | xenial | not-affected
openSUSE / SLES Releases
openSUSE Product | Release | Version | Status
ppp | suse enterprise desktop 15 SP5 | 2.4.7-150000.5.13.1 | fixed
ppp | suse enterprise desktop 15 SP6 | 2.4.7-150600.18.3 | fixed
ppp | suse enterprise desktop 15 SP7 | 2.4.7-150600.18.3 | fixed
ppp | suse enterprise sap 15 SP5 | 2.4.7-150000.5.13.1 | fixed
ppp | suse enterprise sap 15 SP6 | 2.4.7-150600.18.3 | fixed
ppp | suse enterprise sap 15 SP7 | 2.4.7-150600.18.3 | fixed
ppp | suse enterprise server 15 SP5 | 2.4.7-150000.5.13.1 | fixed
ppp | suse enterprise server 15 SP6 | 2.4.7-150600.18.3 | fixed
ppp | suse enterprise server 15 SP7 | 2.4.7-150600.18.3 | fixed
ppp-devel | suse enterprise desktop 15 SP5 | 2.4.7-150000.5.13.1 | fixed
ppp-devel | suse enterprise desktop 15 SP6 | 2.4.7-150600.18.3 | fixed
ppp-devel | suse enterprise desktop 15 SP7 | 2.4.7-150600.18.3 | fixed
ppp-devel | suse enterprise sap 15 SP5 | 2.4.7-150000.5.13.1 | fixed
ppp-devel | suse enterprise sap 15 SP6 | 2.4.7-150600.18.3 | fixed
ppp-devel | suse enterprise sap 15 SP7 | 2.4.7-150600.18.3 | fixed
ppp-devel | suse enterprise server 15 SP5 | 2.4.7-150000.5.13.1 | fixed
ppp-devel | suse enterprise server 15 SP6 | 2.4.7-150600.18.3 | fixed
ppp-devel | suse enterprise server 15 SP7 | 2.4.7-150600.18.3 | fixed