oss-sec mailing list archives

Re: CVE Request : Use-after-free in accel-ppp

From: FEIST Josselin <josselin.feist () gmail com>
Date: Tue, 8 Mar 2016 09:26:59 +0100

Hi,

For information, the vuln was fixed on release 1.10.1
The fix:
https://sourceforge.net/p/accel-ppp/code/ci/74c8c4a91551fe91e224c29882fac55250fc94e3/

Best regards,
Josselin Feist

#### timeline ####
- 18/01/2016: Vuln reported (affect 1.10.0)
- 04/03/2016: Vuln fixed (release 1.10.1)



On 10/02/2016 22:23, FEIST Josselin wrote:

Hi,

A use-after-free in accel-ppp was reported one month ago. accel-ppp is a
VPN server (https://accel-ppp.org)
Since I got no news from the dev (neither by email or through the
forum), I would suggest to use this service carefully.

More details about the vuln here :
http://accel-ppp.org/forum/viewtopic.php?f=18&t=581

The vuln was found with the help of the analyzer GUEB.

Best regards,
Josselin Feist

Current thread:

CVE Request : Use-after-free in accel-ppp FEIST Josselin (Feb 10)
- Re: CVE Request : Use-after-free in accel-ppp FEIST Josselin (Mar 08)