Unrated severityNVD Advisory· Published Sep 9, 2009· Updated Jun 16, 2026
CVE-2009-3111
CVE-2009-3111
Description
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*+ 21 more
- cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*range: <=1.1.7
- cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:1.1.6:*:*:*:*:*:*:*
- (no CPE)range: <1.1.8
Patches
Vulnerability mechanics
References
13- github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4nvdPatch
- www.openwall.com/lists/oss-security/2009/09/09/1nvdPatch
- intevydis.com/vd-list.shtmlnvd
- lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.htmlnvd
- secunia.com/advisories/36509nvd
- support.apple.com/kb/HT3937nvd
- www.redhat.com/support/errata/RHSA-2009-1451.htmlnvd
- www.securityfocus.com/bid/36263nvd
- www.vupen.com/english/advisories/2009/3184nvd
- lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.htmlnvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919nvd
News mentions
0No linked articles in our index yet.