A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
Max CVSS
6.5
EPSS Score
0.07%
Published
2023-01-17
Updated
2023-07-10
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-01-17
Updated
2023-01-24
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.
Max CVSS
7.5
EPSS Score
0.28%
Published
2020-03-21
Updated
2022-04-22
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
Max CVSS
6.5
EPSS Score
0.17%
Published
2019-12-03
Updated
2022-01-01
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
Max CVSS
9.8
EPSS Score
0.66%
Published
2019-04-22
Updated
2019-05-13
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
Max CVSS
9.8
EPSS Score
0.49%
Published
2019-04-22
Updated
2019-05-13
** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
Max CVSS
7.0
EPSS Score
0.06%
Published
2019-05-24
Updated
2023-02-12
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
Max CVSS
9.8
EPSS Score
0.70%
Published
2017-05-29
Updated
2018-01-05
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
Max CVSS
7.5
EPSS Score
0.39%
Published
2017-07-17
Updated
2019-10-03
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
Max CVSS
7.5
EPSS Score
66.18%
Published
2017-07-17
Updated
2019-10-03
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
Max CVSS
7.8
EPSS Score
0.88%
Published
2017-07-17
Updated
2019-10-03
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
77.12%
Published
2017-07-17
Updated
2018-01-05
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
Max CVSS
7.5
EPSS Score
0.53%
Published
2017-07-17
Updated
2018-01-05
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
Max CVSS
7.5
EPSS Score
2.14%
Published
2017-07-17
Updated
2019-07-03
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
Max CVSS
8.1
EPSS Score
0.20%
Published
2017-03-27
Updated
2017-03-30
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
Max CVSS
8.1
EPSS Score
0.23%
Published
2017-03-27
Updated
2017-03-30
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
Max CVSS
5.9
EPSS Score
0.22%
Published
2017-03-27
Updated
2017-03-30
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
Max CVSS
7.5
EPSS Score
0.41%
Published
2017-04-05
Updated
2018-10-09
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
Max CVSS
7.5
EPSS Score
0.87%
Published
2014-11-02
Updated
2018-01-05
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!