pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines.
We integrated the fix in NRSW versions 4.1.0.110, 4.3.0.106 and 4.4.0.104 which will be released in April.
More information:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597