In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an L2TP control packet with an AVP whose type is a string, that has no hidden flags, and whose length is set to less than 6 (that is, shorter than the 6-octet L2TP AVP header). If your application is used in open networks, or there are untrusted nodes in the network, it is highly recommended to apply the patch. The problem was patched with commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b. As a workaround, the changes from commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b can be applied to older versions.
[ { "signature_type": "Function", "deprecated": false, "source": "https://github.com/accel-ppp/accel-ppp/commit/2324bcd5ba12cf28f47357a8f03cd41b7c04c52b", "signature_version": "v1", "target": { "function": "l2tp_packet_send", "file": "accel-pppd/ctrl/l2tp/packet.c" }, "digest": { "function_hash": "56794642800740520946401259974351675976", "length": 2018.0 }, "id": "CVE-2020-15173-0d351b7d" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/accel-ppp/accel-ppp/commit/2324bcd5ba12cf28f47357a8f03cd41b7c04c52b", "signature_version": "v1", "target": { "function": "decode_avp", "file": "accel-pppd/ctrl/l2tp/packet.c" }, "digest": { "function_hash": "21952700318578743277174672561875988151", "length": 2061.0 }, "id": "CVE-2020-15173-18183f2d" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/accel-ppp/accel-ppp/commit/2324bcd5ba12cf28f47357a8f03cd41b7c04c52b", "signature_version": "v1", "target": { "file": "accel-pppd/ctrl/l2tp/l2tp_prot.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "338317700377576286025478384117828060319", "67774926986237965124137075351349135786", "172231402997736588041948284279745023379", "169662471389383887840954457314071178235", "202207538356649699404467984267802779407", "34068663212362945259696409867023493914", "223445067476677595334087974720663173164", "235496519984370181950682888734290326416", "262353139577246019899341448417292722658", "34284010679476126187584958792322095159", "266320997812127624356614364870607225703", "43113050897411724562562037315123685637", "260700611032244455210623079192684511526", "75448575453371037417836989704384408376", "15094315502071593330645899362319748074", "226168518510105658663461915019527890210", "195014094322762653011652376373758428673", "38020132500324400824197414452556957027", "134235598725696709632253176055695750639", "54169553521048110127082531152573051675", "132155546471683748481498755599312519486", 
"315419957339496802218627096651997738867", "164853230017992990611422989621938626894" ] }, "id": "CVE-2020-15173-3fb25936" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/accel-ppp/accel-ppp/commit/2324bcd5ba12cf28f47357a8f03cd41b7c04c52b", "signature_version": "v1", "target": { "function": "l2tp_recv", "file": "accel-pppd/ctrl/l2tp/packet.c" }, "digest": { "function_hash": "135159235321692087611349962398979475414", "length": 5731.0 }, "id": "CVE-2020-15173-778e7ba3" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/accel-ppp/accel-ppp/commit/2324bcd5ba12cf28f47357a8f03cd41b7c04c52b", "signature_version": "v1", "target": { "file": "accel-pppd/ctrl/l2tp/packet.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "208420057628095866918349505542821309446", "228562084722539447355450995829898021587", "228012554885983931607472353984076333766", "208603660971310996225271071788677474236", "129342170442510039628300161766716432960", "200401861447203466256151926581713337501", "51197383300386729756278966071715851909", "15220764526834757860545788607525348351", "176750642548900109888997093922851899343", "21978425376689532395646869319956777742", "144913810872660946088469525813700726872", "267598699241708184333447022457558042218", "110359615143575925145768674636379758299", "244345234613827673152831708031113414725", "197553941281280475067420432854089675155", "212930769008537196020160996831396180620", "136055782448135971673487308337777343781", "339761905722502023358623602208624881057", "45719336865793148685739569915196487205", "106523186263017310213563052599733843908", "93507189711659397367466701252139457295", "221609342906184199752953653342309081101", "190780144101680809821788166767996778861", "96847704684967691059740725483794648374", "196660500725933982404133994534359861658", "23308833275814522414029208876189418176", "140754545573426628520065476963800914188", "51480960358888919974313526661943895067", 
"205067349334563839647569587776294298948", "50168119132159128695259571541974196566", "273851211813026280633738708913412304097", "300791245108807515941062531419943753417", "310587849273472063288185340782371485923", "60917053607807950472972905398457546678", "89057447771051572969833936868605253828", "69449358863308854735214835872656648907", "138771810668942442175657764132112814455", "32286527123499812758469085724015966835", "37585307601885444291248803454730758996", "169768695112366133963904255906612321806", "275041538839617427084673382910475692752", "312506554780720958702732952043243127003", "227486735125456283959910855378727667470", "38455308020727108901158864286892338181", "107390341900910427038210775059710431046", "131755206706567582395575540168841226232", "51953093278363948017440439943716709491", "131470178833387272531361395607980804145", "135681439171794964658074432224416861051", "147943974312942557040573155431034930078", "37912816773072789311516223414386432945", "148412392157040744320652995168337441078", "113538623065703555972681626877768405986", "92242097323238561160499162582976512589", "333616836688139715817018876749501712471", "50333475835707880422180091234093066504", "211468551225736022002601399147587503675", "183077719063537806823333519660080386572", "289083677215435755675751144465825430727", "167340101845747234809544120583448559633", "333967653293761162354694023894928925268", "206417414366730927761337194774100698873", "78513620007881469299222695199082548844", "287764084130548515407794883484799718264", "126792746798915114052992070502771957877", "259931152916181945089248959356437593565", "190703369293331853264318435071339125265", "10536189051148214485827551924199087026", "76124790444394923659247745331074370052", "260707314986088878717372626359318391921", "289907793498202398592353590599816322626", "330434120824353624234073829484960658463", "100329998547911248127579090791285739766", "150215959648014794668237046059047949316", 
"34602849803371055418101880860675010045", "216654152091752644807465326694239104768", "301289384192339741514743641453060173593", "292063864952385714678102351889063692877", "177445308078064075521962554293473127213", "282771197349588287777203764200419340941", "188295367303283716552284331971202954062", "88354153885175652883581084335162178586", "172194331458416146705211694395479021430", "209856621918269467021912290481541151258", "98645638718448395460514432335983822366", "132267324180014579743385482813404544714", "119908543441828290368493379802782321305", "283537382436122318381233371011597790787", "67846824516160838678243055835411979111", "66769492409387228165031848253096987116", "11636205689585824864809514388734433711", "180378602047045832311282713674377450154", "255060316851297185486136843255478471862", "141491696432783483321552126871564148528", "295300330928845806779991859737691757335", "133237418246094024609829166127064802592", "2841861214898496586543257486020550010", "311973288946772316175776452152568626589", "3450491257990485469554750417671035182", "114810495333279399566670581686413323943", "105376778413564890820567790575517346299", "302333199091959038623690222284415581067", "138252081078800054465756864668615407727", "309109010936491077118573575152071475274", "85720829707466653975504421761228249799", "102960521313388501840607660627666219595", "300136001522703989644699740151311126666", "316820561961740083761502886267442140254", "309417831112337580532044459201675738499", "307857533668427394147585347396083575158", "25998292849918108179403660852733178225", "126889479525534986741942767439345496382", "6524271411228409436982639326541782407", "137468892364371168818796773418774341525", "87099718548469632419477361659839268471", "131247817742740896853928942897838978264", "269642726127945624165277825587022601273", "299645784754698559894317983131658162057", "257779522594274540198783629359643436315", "270517010963959440652111008284380031342", 
"119291770849110313494984999774287565282", "292841531867250303429196723716744791629", "240066553613770639433417185355632720362", "283287590762550547510448869115483203626", "117927085282482409875237780090443908958", "198086343148873508202328877222580000032", "331781580587759001644963838657597089914", "7564051071008824273262433944189864009", "85695357085653228962162392236482941000", "236798758780510953310068515485347455371", "42563739037231250202627166545749858755", "35136834205201200506981610380987080274", "251534683344509804636723064909888094114", "301070155600911612864615608575270415549", "25939783644731607886683745717295686177", "329734287358945873918888969406918218122", "299104147284344846426582083405487634745", "325908979377057274117618712436809084325", "42169927455679994264067671805273743606", "21838012272271138743181650995103104090", "120594576693022065623635907500353768032", "140472581772111897266313358541105397087", "321706381357349842578856881754606628621", "62313306026043305986171964899118427683", "156248751717677540548831428168284865657", "152331941808403839231646793783958671761", "328935731996207780602230653236314120154", "162743741102619606843081906966066058065", "303180957279760619672541087468216260208", "282839132266528101041273329142250656240", "174842255408566206550902033728810828627", "67275464780231519013701149388224032464", "15220495349709150486165460188009763701", "56779408420565649201400994765969598145", "83308822468784049169051702889847933013", "170580308789676947594385073313078708005", "171264937158992163299015952606127557416", "320586755581369804895543074984310220278", "168971264882190157632851362365979820475", "255335687535449485558176005430136145977", "82151608554864617542734511595961644122", "21299352493849260085288483005745028361", "335060209473566259554321739565865568963", "295103728750460111586807591923284464", "333720237643958569223419528842670253899", "74075271992513637763526879443495422463", 
"152080355568445630000619438672039381732", "208047156828213821328476414291572292990", "67020652858715241420965049628304161190", "306680135709408923771833512050931055051", "128459403662676623902510975797884505157", "116741459783185460709051581290472457543", "173112399849840126044865497816025699069", "165790171155611691199700075967217605168", "179353251122324435495224861413364494574", "271320716990069585836235111649575124350", "69732575324709515817930251713998896828", "258650463804025360874721314209291714242", "234499055564558983076536996851677068715", "82334693206686565264678812704688328622", "250851377230929679543315528807385186531", "296904855973072761458793216742967963743", "253339951427718372563464343866460158442" ] }, "id": "CVE-2020-15173-ad54bb13" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/accel-ppp/accel-ppp/commit/2324bcd5ba12cf28f47357a8f03cd41b7c04c52b", "signature_version": "v1", "target": { "function": "l2tp_packet_alloc", "file": "accel-pppd/ctrl/l2tp/packet.c" }, "digest": { "function_hash": "264157786689854936099843532802478715746", "length": 602.0 }, "id": "CVE-2020-15173-da118e96" } ]