### [CVE-2022-24704](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24704)
![](https://img.shields.io/static/v1?label=Product&message=Accel-PPP&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.12%3C%3D%201.12%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=https%3A%2F%2Fcwe.mitre.org%2Fdata%2Fdefinitions%2F120.html&color=brighgreen)

### Description

The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon