
FreeRADIUS

FreeRADIUS is a modular, high performance free RADIUS suite developed and distributed under the GNU General Public License, version 2, and is free for download and use. The FreeRADIUS Suite includes a RADIUS server, a BSD-licensed RADIUS client library, a PAM library, an Apache module, and numerous additional RADIUS related utilities and development libraries.

Products: 1
CVEs: 50
Across products: 50
Status: Private


Recent CVEs

  • CVE-2017-10984 | Critical | Jul 17, 2017
    risk 0.65 | cvss 9.8 | epss 0.18

    An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.

  • CVE-2017-10979 | Critical | Jul 17, 2017
    risk 0.65 | cvss 9.8 | epss 0.22

    An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.

  • CVE-2017-9148 | Critical | May 29, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass…

  • CVE-2024-3596 | Critical | Jul 9, 2024
    risk 0.60 | cvss 9.0 | epss 0.15

    RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

  • CVE-2015-8764 | High | Mar 27, 2017
    risk 0.53 | cvss 8.1 | epss 0.01

    Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.

  • CVE-2015-8763 | High | Mar 27, 2017
    risk 0.53 | cvss 8.1 | epss 0.01

    The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.

  • CVE-2017-10987 | High | Jul 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.

  • CVE-2017-10986 | High | Jul 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.

  • CVE-2017-10985 | High | Jul 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.

  • CVE-2017-10983 | High | Jul 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.

  • CVE-2017-10982 | High | Jul 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.

  • CVE-2017-10981 | High | Jul 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.

  • CVE-2017-10980 | High | Jul 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service.

  • CVE-2017-10978 | High | Jul 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

  • CVE-2015-4680 | High | Apr 5, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

  • CVE-2015-8762 | Medium | Mar 27, 2017
    risk 0.38 | cvss 5.9 | epss 0.02

    The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.

  • CVE-2003-0967 | Dec 15, 2003
    risk 0.03 | cvss - | epss 0.05

    rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.

  • CVE-2019-11234 | Apr 21, 2019
    risk 0.02 | cvss - | epss 0.08

    FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

  • CVE-2019-11235 | Apr 21, 2019
    risk 0.01 | cvss - | epss 0.04

    FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and…

  • CVE-2001-1376 | Mar 4, 2002
    risk 0.01 | cvss - | epss 0.09

    Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.