← back
CVE-2020-28194

CVE-2020-28194

EPSS 2.7%
Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr