
Kar Wei Loh

#13547 of 53,633
19.6 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2022-16815
9.8
2022-02-14
Accel-Ppp · Accel-Ppp · CVE-2022-24704
**Name of the Vulnerable Software and Affected Versions** accel-pppd (affected versions not specified)

**Description** The issue arises from a buffer overflow vulnerability in the `rad_packet_recv` function, located in `opt/src/accel-pppd/radius/packet.c`. This vulnerability occurs because user input `len` is copied into a fixed buffer `&attr->val.integer` without any bound checks. When a client connects to the server and sends a large RADIUS packet, this buffer overflow vulnerability can be triggered.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-16816
9.8
2019-08-06
Unknown · Freeradius · CVE-2022-24705
**Name of the Vulnerable Software and Affected Versions** FreeRADIUS (affected versions not specified)

**Description** The issue is related to a memcpy buffer overflow in the `rad_packet_recv` function, located in `radius/packet.c`. This overflow occurs due to an overly-large `recvfrom` into a fixed buffer, causing a buffer overflow that overwrites arbitrary memory. The vulnerability can be remotely triggered by crafted client requests if the server connects with a malicious client.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.