4 matches found
CVE-2020-7465
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service memory corruption...
CVE-2020-7465
The CVE-2020-7465 issue affects MPD (Music Player Daemon) prior to version 5.9. The L2TP implementation accepts crafted L2TP control packets carrying AVP Q.931 Cause Code, leading to memory corruption that can allow a remote attacker to execute arbitrary code or cause a denial of service. Affecte...
CVE-2020-7465
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service memory corruption...
FreeBSD : Multi-link PPP protocol daemon MPD5 remotely exploitable crash (cd97c7ca-f079-11ea-9c31-001b216d295b)
Version 5.9 contains security fix for L2TP clients and servers. Insufficient validation of incoming L2TP control packet specially crafted by unauthenticated user might lead to unexpected termination of the process. The problem affects mpd versions since 4.0 that brought in initial support for L2T...