cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
Max CVSS: 7.5 | EPSS Score: 0.39% | Published: 2017-07-17 | Updated: 2019-10-03
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
Max CVSS: 7.5 | EPSS Score: 66.18% | Published: 2017-07-17 | Updated: 2019-10-03
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
Max CVSS: 7.8 | EPSS Score: 0.88% | Published: 2017-07-17 | Updated: 2019-10-03
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
Max CVSS: 9.8 | EPSS Score: 77.12% | Published: 2017-07-17 | Updated: 2018-01-05
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
Max CVSS: 7.5 | EPSS Score: 0.53% | Published: 2017-07-17 | Updated: 2018-01-05
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
Max CVSS: 7.5 | EPSS Score: 2.14% | Published: 2017-07-17 | Updated: 2019-07-03
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
Max CVSS: 9.8 | EPSS Score: 0.70% | Published: 2017-05-29 | Updated: 2018-01-05
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
Max CVSS: 8.1 | EPSS Score: 0.20% | Published: 2017-03-27 | Updated: 2017-03-30
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
Max CVSS: 8.1 | EPSS Score: 0.23% | Published: 2017-03-27 | Updated: 2017-03-30
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
Max CVSS: 5.9 | EPSS Score: 0.22% | Published: 2017-03-27 | Updated: 2017-03-30
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
Max CVSS: 7.5 | EPSS Score: 0.41% | Published: 2017-04-05 | Updated: 2018-10-09
11 vulnerabilities found