CVE-2020-8597

CRITICAL

ppp <2.4.8 - Buffer Overflow

Exploitation Summary

EIP tracks 4 public exploits for CVE-2020-8597. PoCs published by winmin, lakwsh, Dilan-Diaz.

Description

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Exploits (4)

nomisec WORKING POC 49 stars
by winmin · poc
https://github.com/winmin/CVE-2020-8597

This repository contains a functional PoC for CVE-2020-8597, a vulnerability in PPP over Ethernet (PPPoE) that allows a denial-of-service (DoS) attack via a malformed EAP-MD5 response packet. The PoC uses Scapy to craft and send a malicious PPPoE packet with an oversized payload, triggering a crash in the target PPPoE server.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: PPPoE server implementations (e.g., pppd)
No auth needed
Prerequisites: Network access to the target PPPoE server · Ability to send raw packets on the network interface
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC 6 stars
by lakwsh · poc
https://github.com/lakwsh/CVE-2020-8597

This repository contains a functional PoC for CVE-2020-8597, a vulnerability in the PPP protocol implementation. The exploit simulates a PPPoE server and manipulates session establishment to trigger the vulnerability, likely leading to a denial-of-service (DoS) or remote code execution (RCE) condition.

Classification: Working PoC 95%
Attack Type: DoS | Other
Complexity: Moderate
Reliability: Reliable
Target: Linux kernel PPP implementation (versions affected by CVE-2020-8597)
No auth needed
Prerequisites: Network access to a vulnerable PPPoE server · Ability to send crafted PPPoE packets
devstral-2 · analyzed Feb 18, 2026

nomisec WRITEUP
by Dilan-Diaz · poc
https://github.com/Dilan-Diaz/Point-to-Point-Protocol-Daemon-RCE-Vulnerability-CVE-2020-8597-

This repository contains a detailed technical analysis of CVE-2020-8597, a stack buffer overflow vulnerability in the Point-to-Point Protocol Daemon (pppd) due to improper input validation in the EAP packet parser. The writeup includes root cause analysis, patch details, and exploitation techniques but does not include functional exploit code.

Classification: Writeup 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: pppd (Point-to-Point Protocol Daemon) versions 2.4.2 through 2.4.8
No auth needed
Prerequisites: Network access to a vulnerable pppd instance · Ability to send crafted EAP packets
devstral-2 · analyzed Feb 18, 2026

nomisec WRITEUP
by dointisme · poc
https://github.com/dointisme/CVE-2020-8597

The repository provides a detailed technical analysis of CVE-2020-8597, a buffer overflow vulnerability in pppd's eap.c. It includes a crash backtrace, security mitigations (e.g., stack canaries), and a reference to the patch commit.

Classification: Writeup 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Theoretical
Target: ppp 2.4.2 through 2.4.8
No auth needed
Prerequisites: Ability to send crafted EAP requests/responses to the pppd service
devstral-2 · analyzed Feb 18, 2026

References (22)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4632
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0631
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0634
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0633
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0630
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4288-1/
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/782301
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Mar/6
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html
Third Party Advisory x_refsource_confirm
https://www.synology.com/security/advisory/Synology_SA_20_02
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200313-0004/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202003-19
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4288-2/
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04

Scores

CVSS v3 9.8
EPSS 0.6296
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-120
Status published
Products (9)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.04
debian/debian_linux 9.0
debian/debian_linux 10.0
point-to-point_protocol_project/point-to-point_protocol 2.4.2 - 2.4.8
wago/pfc_firmware < 03.04.10(16)
Published Feb 03, 2020
Tracked Since Feb 18, 2026