VYPR
Unrated severityNVD Advisory· Published Nov 2, 2014· Updated Jun 17, 2026

CVE-2014-2015

CVE-2014-2015

Description

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

26
  • cpe:2.3:a:freeradius:freeradius:2.0:*:*:*:*:*:*:*+ 24 more
    • cpe:2.3:a:freeradius:freeradius:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*
    • (no CPE)range: 2.x (<=2.2.3), 3.x (<=3.0.1)

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.