VYPR

rpm package

suse/freeradius-server&distro=SUSE Linux Enterprise Software Development Kit 12 SP3

pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3

Vulnerabilities (8)

  • CVE-2019-11235Apr 21, 2019
    affected < 3.0.15-2.11.2fixed 3.0.15-2.11.2

    FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2

  • CVE-2019-11234Apr 21, 2019
    affected < 3.0.15-2.11.2fixed 3.0.15-2.11.2

    FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

  • CVE-2017-10987HigJul 17, 2017
    affected < 3.0.15-2.3.1fixed 3.0.15-2.3.1

    An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.

  • CVE-2017-10986HigJul 17, 2017
    affected < 3.0.15-2.3.1fixed 3.0.15-2.3.1

    An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.

  • CVE-2017-10985HigJul 17, 2017
    affected < 3.0.15-2.3.1fixed 3.0.15-2.3.1

    An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.

  • CVE-2017-10984CriJul 17, 2017
    affected < 3.0.15-2.3.1fixed 3.0.15-2.3.1

    An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.

  • CVE-2017-10983HigJul 17, 2017
    affected < 3.0.15-2.3.1fixed 3.0.15-2.3.1

    An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.

  • CVE-2017-10978HigJul 17, 2017
    affected < 3.0.15-2.3.1fixed 3.0.15-2.3.1

    An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.