{
  "version": "1",
  "package": [
    {
      "name": "mpd",
      "layer": "meta-multimedia",
      "version": "0.23.14",
      "products": [
        {
          "product": "mpd",
          "cvesInRecord": "No"
        }
      ],
      "issue": [
        {
          "id": "CVE-2020-7465",
          "summary": "The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).",
          "scorev2": "7.5",
          "scorev3": "9.8",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "status": "Ignored",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2020-7465",
          "detail": "cpe-incorrect",
          "description": "The recipe used in the meta-openembedded is a different mpd package compared to the one which has the CVE issue."
        },
        {
          "id": "CVE-2020-7466",
          "summary": "The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.",
          "scorev2": "5.0",
          "scorev3": "7.5",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Ignored",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2020-7466",
          "detail": "cpe-incorrect",
          "description": "The recipe used in the meta-openembedded is a different mpd package compared to the one which has the CVE issue."
        }
      ]
    }
  ]
}