CVE-2014-3158

Name of the Vulnerable Software and Affected Versions ppp versions prior to 2.4.7

Description The issue is related to an integer overflow in the getword function in options.c in pppd, which can trigger a heap-based buffer overflow. This overflow can corrupt security-relevant variables, potentially allowing attackers to access privileged options. The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to 2.4.7, update to version 2.4.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the options file to minimize the risk of exploitation.