VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 31, 2013· Updated Apr 29, 2026

CVE-2013-2220

CVE-2013-2220

Description

Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.

Affected products

7
  • Radius Extension Project/Radius7 versions
    cpe:2.3:a:radius_extension_project:radius:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:radius_extension_project:radius:*:*:*:*:*:*:*:*range: <=1.2.6
    • cpe:2.3:a:radius_extension_project:radius:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:radius_extension_project:radius:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:radius_extension_project:radius:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:radius_extension_project:radius:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:radius_extension_project:radius:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:radius_extension_project:radius:1.2.5:*:*:*:*:*:*:*

Patches

1
13c149b051f8
https://github.com/LawnGnome/php-radiusvia nvd-ref
commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.