rpm package
suse/freeradius-server&distro=SUSE Linux Enterprise Server 12 SP3
pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-11235 | — | < 3.0.15-2.11.2 | 3.0.15-2.11.2 | Apr 21, 2019 | FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2 | ||
| CVE-2019-11234 | — | < 3.0.15-2.11.2 | 3.0.15-2.11.2 | Apr 21, 2019 | FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. | ||
| CVE-2017-10987 | Hig | 7.5 | < 3.0.15-2.3.1 | 3.0.15-2.3.1 | Jul 17, 2017 | An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. | |
| CVE-2017-10986 | Hig | 7.5 | < 3.0.15-2.3.1 | 3.0.15-2.3.1 | Jul 17, 2017 | An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. | |
| CVE-2017-10985 | Hig | 7.5 | < 3.0.15-2.3.1 | 3.0.15-2.3.1 | Jul 17, 2017 | An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. | |
| CVE-2017-10984 | Cri | 9.8 | < 3.0.15-2.3.1 | 3.0.15-2.3.1 | Jul 17, 2017 | An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | |
| CVE-2017-10983 | Hig | 7.5 | < 3.0.15-2.3.1 | 3.0.15-2.3.1 | Jul 17, 2017 | An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. | |
| CVE-2017-10978 | Hig | 7.5 | < 3.0.15-2.3.1 | 3.0.15-2.3.1 | Jul 17, 2017 | An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. |
- CVE-2019-11235Apr 21, 2019affected < 3.0.15-2.11.2fixed 3.0.15-2.11.2
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2
- CVE-2019-11234Apr 21, 2019affected < 3.0.15-2.11.2fixed 3.0.15-2.11.2
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
- affected < 3.0.15-2.3.1fixed 3.0.15-2.3.1
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
- affected < 3.0.15-2.3.1fixed 3.0.15-2.3.1
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
- affected < 3.0.15-2.3.1fixed 3.0.15-2.3.1
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
- affected < 3.0.15-2.3.1fixed 3.0.15-2.3.1
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
- affected < 3.0.15-2.3.1fixed 3.0.15-2.3.1
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
- affected < 3.0.15-2.3.1fixed 3.0.15-2.3.1
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.