Unrated severity · NVD Advisory · Published Sep 18, 2012 · Updated Apr 29, 2026
CVE-2012-3547
Description
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Affected products
- cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- freeradius.org/security.html (NVD, Vendor Advisory)
- secunia.com/advisories/50484 (NVD, Vendor Advisory)
- secunia.com/advisories/50584 (NVD, Vendor Advisory)
- archives.neohapsis.com/archives/bugtraq/2012-09/0043.html (NVD)
- lists.apple.com/archives/security-announce/2013/Oct/msg00006.html (NVD)
- lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html (NVD)
- lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html (NVD)
- osvdb.org/85325 (NVD)
- rhn.redhat.com/errata/RHSA-2012-1326.html (NVD)
- rhn.redhat.com/errata/RHSA-2012-1327.html (NVD)
- secunia.com/advisories/50637 (NVD)
- secunia.com/advisories/50770 (NVD)
- www.debian.org/security/2012/dsa-2546 (NVD)
- www.mandriva.com/security/advisories (NVD)
- www.openwall.com/lists/oss-security/2012/09/10/2 (NVD)
- www.pre-cert.de/advisories/PRE-SA-2012-06.txt (NVD)
- www.securityfocus.com/bid/55483 (NVD)
- www.securitytracker.com/id (NVD)
- www.ubuntu.com/usn/USN-1585-1 (NVD)
- exchange.xforce.ibmcloud.com/vulnerabilities/78408 (NVD)