CVE-2022-24704

Name of the Vulnerable Software and Affected Versions accel-pppd (affected versions not specified)

Description The issue arises from a buffer overflow vulnerability in the rad packet recv function, located in opt/src/accel-pppd/radius/packet.c. This vulnerability occurs because user input len is copied into a fixed buffer &attr->val.integer without any bound checks. When a client connects to the server and sends a large radius packet, this buffer overflow vulnerability can be triggered.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.