LAYER: meta-multimedia
PACKAGE NAME: mpd
PACKAGE VERSION: 0.23.14
CVE: CVE-2020-7465
CVE STATUS: Ignored
CVE DETAIL: cpe-incorrect
CVE DESCRIPTION: The recipe used in the meta-openembedded is a different mpd package compared to the one which has the CVE issue.
CVE SUMMARY: The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7465

LAYER: meta-multimedia
PACKAGE NAME: mpd
PACKAGE VERSION: 0.23.14
CVE: CVE-2020-7466
CVE STATUS: Ignored
CVE DETAIL: cpe-incorrect
CVE DESCRIPTION: The recipe used in the meta-openembedded is a different mpd package compared to the one which has the CVE issue.
CVE SUMMARY: The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7466