PppD (Point to Point Daemon) is often used to manage network connections on Unix-based operating systems and is also used to manage broadband connections such as DSL, whether PPPoE or PPPoA is used.
One researcher discovered this crucial vulnerability located on the package processor of the Extensible Authentication Protocol (EAP) in the Point-to-Point Protocol Daemon (pppd).
A remote intruder may be able to cause buffer cache overflow, taking advantage of this vulnerability. It can allow attackers to carry out arbitrary executions code to the target system.
The vulnerability, discovered by Ilja Van Sprundel and named CVE-2020-8597, rated at 9,3 CVE. GBHackers has not found any code that has been exploited at this time for this vulnerability.
Here are the Linux distributions that confirmed this vulnerability running with pppd (Point to Point Daemon) in versions 2.4.2 to 2.4.8.
Debian GNU / Linux
The following vendors are also issuing an update,
When validating the input size, if the data size is incorrect, it results in duplicate arbitrary data in memory and causes memory corruption that allows attackers to execute arbitrary code remotely.