PublicDateAtUSN: 2020-02-03 23:15:00 UTC
Candidate: CVE-2020-8597
PublicDate: 2020-02-03 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597
 https://ubuntu.com/security/notices/USN-4288-1
 https://ubuntu.com/security/notices/USN-4288-2
Description:
 eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow
 in the eap_request and eap_response functions.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950618
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_ppp:
 upstream: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
upstream_ppp: needs-triage
precise/esm_ppp: released (2.4.5-5ubuntu1.3)
trusty_ppp: ignored (out of standard support)
trusty/esm_ppp: released (2.4.5-5.1ubuntu2.3+esm1)
xenial_ppp: released (2.4.7-1+2ubuntu1.16.04.2)
esm-infra/xenial_ppp: released (2.4.7-1+2ubuntu1.16.04.2)
bionic_ppp: released (2.4.7-2+2ubuntu1.2)
eoan_ppp: released (2.4.7-2+4.1ubuntu4.1)
focal_ppp: released (2.4.7-2+4.1ubuntu5)
groovy_ppp: released (2.4.7-2+4.1ubuntu5)
hirsute_ppp: released (2.4.7-2+4.1ubuntu5)
impish_ppp: released (2.4.7-2+4.1ubuntu5)
jammy_ppp: released (2.4.7-2+4.1ubuntu5)
devel_ppp: released (2.4.7-2+4.1ubuntu5)

Patches_lwip:
 upstream: http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86
upstream_lwip: needs-triage
precise/esm_lwip: DNE
trusty_lwip: ignored (out of standard support)
trusty/esm_lwip: DNE
xenial_lwip: DNE
bionic_lwip: DNE
eoan_lwip: ignored (reached end-of-life)
focal_lwip: needs-triage
groovy_lwip: not-affected (2.1.2+dfsg1-6)
hirsute_lwip: not-affected (2.1.2+dfsg1-6)
impish_lwip: not-affected (2.1.2+dfsg1-6)
jammy_lwip: not-affected (2.1.2+dfsg1-6)
devel_lwip: not-affected (2.1.2+dfsg1-6)