CVE-2020-28194

{"id": "CVE-2020-28194", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-02-01T14:15:12.240", "references": [{"url": "https://github.com/accel-ppp/accel-ppp/commit/e9d369aa0054312b7633e964e9f7eb323f1f3d69", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/accel-ppp/accel-ppp/security/advisories/GHSA-2m44-rh3c-x4gr", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-191"}]}], "descriptions": [{"lang": "en", "value": "Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution."}, {"lang": "es", "value": "Se presenta subdesbordamiento de variable en accel-ppp en el archivo radius/packet.c cuando se recibe un atributo espec\u00edfico del proveedor RADIUS con un campo de longitud menor que 2. Presenta un impacto solo cuando el atacante controla el servidor RADIUS, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria"}], "lastModified": "2021-02-05T20:58:45.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:accel-ppp:accel-ppp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41B2A897-7CA6-4F53-8993-A0747BC3C1EC", "versionEndExcluding": "1.12.0-e9d369a"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}