{"id":"CVE-2018-11574","details":"Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-eap` option are unaffected.","modified":"2026-03-14T09:26:08.996511Z","published":"2018-06-14T20:29:00.253Z","references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/3810-1/"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2018/06/11/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/paulusmack/ppp","events":[{"introduced":"0"},{"fixed":"4fb319056f168bb8379865b91b4fd3e1ada73f1e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.4.9"}]}}],"versions":["ppp-2.0.4","ppp-2.1.1","ppp-2.1.2","ppp-2.2","ppp-2.3.0","ppp-2.3.1","ppp-2.3.10","ppp-2.3.11","ppp-2.3.2","ppp-2.3.3","ppp-2.3.4","ppp-2.3.5","ppp-2.3.6","ppp-2.3.7","ppp-2.3.8","ppp-2.3.9","ppp-2.4.0","ppp-2.4.1","ppp-2.4.2","ppp-2.4.3","ppp-2.4.4","ppp-2.4.5","ppp-2.4.6","ppp-2.4.7","ppp-2.4.8","v2.0.4","v2.1.1","v2.1.2","v2.2","v2.3.0","v2.3.1","v2.3.10","v2.3.11","v2.3.2","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.3.7","v2.3.8","v2.3.9","v2.4.0","v2.4.1","v2.4.2","v2.4.3","v2.4.4","v2.4.5","v2.4.6","v2.4.7","v2.4.8"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11574.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}