CVE-2014-3158
ppp - security update
EPSS 1.5%
Description
Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables."
How to fix CVE-2014-3158
To remediate CVE-2014-3158, upgrade the affected package to a fixed version below.
- Debian/ppp—upgrade to 2.4.6-3 or later
- Debian/ppp—upgrade to 2.4.5-4+deb6u1 or later
- Debian/ppp—upgrade to 2.4.5-5.1+deb7u1 or later
Is CVE-2014-3158 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.4.6-3
- from 0, < 2.4.5-4+deb6u1
- from 0, < 2.4.5-5.1+deb7u1