CVE-2022-4603

Name of the Vulnerable Software and Affected Versions ppp (affected versions not specified)

Description The issue is related to the function dumpppp of the file pppdump/pppdump.c of the component pppdump. It involves improper validation of array index due to the manipulation of the argument spkt.buf/rpkt.buf. This could potentially allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The real existence of this vulnerability is still doubted at the moment.

Recommendations To fix this issue, it is recommended to apply a patch. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. As a temporary workaround, consider restricting the use of the dumpppp function until a patch is available. Additionally, note that pppdump is not used in the normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.