Freeradius » Freeradius : Security Vulnerabilities, CVEs, Published In 2010 (Denial of service)
The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.
Max CVSS
4.3
EPSS Score
1.23%
Published
2010-10-07
Updated
2010-10-08
The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
2.52%
Published
2010-10-07
Updated
2023-02-13
2 vulnerabilities found