Freeradius
Sign in to watchby FreeRADIUS
Source repositories
CVEs (35)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-10979 | Cri | 0.66 | 9.8 | 0.30 | Jul 17, 2017 | An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | |
| CVE-2017-10984 | Cri | 0.65 | 9.8 | 0.21 | Jul 17, 2017 | An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | |
| CVE-2017-9148 | Cri | 0.64 | 9.8 | 0.01 | May 29, 2017 | The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. | |
| CVE-2017-10987 | Hig | 0.49 | 7.5 | 0.01 | Jul 17, 2017 | An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. | |
| CVE-2017-10986 | Hig | 0.49 | 7.5 | 0.01 | Jul 17, 2017 | An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. | |
| CVE-2017-10985 | Hig | 0.49 | 7.5 | 0.01 | Jul 17, 2017 | An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. | |
| CVE-2017-10983 | Hig | 0.49 | 7.5 | 0.02 | Jul 17, 2017 | An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. | |
| CVE-2017-10982 | Hig | 0.49 | 7.5 | 0.01 | Jul 17, 2017 | An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. | |
| CVE-2017-10981 | Hig | 0.49 | 7.5 | 0.02 | Jul 17, 2017 | An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. | |
| CVE-2017-10978 | Hig | 0.49 | 7.5 | 0.03 | Jul 17, 2017 | An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. | |
| CVE-2015-4680 | Hig | 0.49 | 7.5 | 0.00 | Apr 5, 2017 | FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | |
| CVE-2003-0967 | 0.03 | — | 0.06 | Dec 15, 2003 | rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute. | ||
| CVE-2001-1376 | 0.02 | — | 0.30 | Mar 4, 2002 | Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data. | ||
| CVE-2012-3547 | 0.01 | — | 0.13 | Sep 18, 2012 | Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate. | ||
| CVE-2007-2028 | 0.01 | — | 0.11 | Apr 13, 2007 | Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. | ||
| CVE-2001-1377 | 0.01 | — | 0.13 | Mar 4, 2002 | Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2. | ||
| CVE-2019-10143 | 0.00 | — | 0.00 | May 24, 2019 | It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." | ||
| CVE-2014-2015 | 0.00 | — | 0.01 | Nov 2, 2014 | Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. | ||
| CVE-2011-4966 | 0.00 | — | 0.01 | Mar 12, 2013 | modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password. | ||
| CVE-2011-2701 | 0.00 | — | 0.00 | Aug 4, 2011 | The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate. |
Page 1 of 2