FreeRADIUS
FreeRADIUS is a modular, high-performance free RADIUS suite developed and distributed under the GNU General Public License, version 2, and is free to download and use. The FreeRADIUS Suite includes a RADIUS server, a BSD-licensed RADIUS client library, a PAM library, an Apache module, and numerous additional RADIUS-related utilities and development libraries.
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10984 | | Critical | 0.65 | 9.8 | 0.18 | | Jul 17, 2017 | An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. |
| CVE-2017-10979 | | Critical | 0.65 | 9.8 | 0.22 | | Jul 17, 2017 | An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. |
| CVE-2017-9148 | | Critical | 0.64 | 9.8 | 0.04 | | May 29, 2017 | The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass… |
| CVE-2024-3596 | | Critical | 0.60 | 9.0 | 0.15 | | Jul 9, 2024 | RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. |
| CVE-2015-8764 | | High | 0.53 | 8.1 | 0.01 | | Mar 27, 2017 | Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. |
| CVE-2015-8763 | | High | 0.53 | 8.1 | 0.01 | | Mar 27, 2017 | The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. |
| CVE-2017-10987 | | High | 0.49 | 7.5 | 0.02 | | Jul 17, 2017 | An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. |
| CVE-2017-10986 | | High | 0.49 | 7.5 | 0.02 | | Jul 17, 2017 | An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. |
| CVE-2017-10985 | | High | 0.49 | 7.5 | 0.02 | | Jul 17, 2017 | An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. |
| CVE-2017-10983 | | High | 0.49 | 7.5 | 0.03 | | Jul 17, 2017 | An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. |
| CVE-2017-10982 | | High | 0.49 | 7.5 | 0.03 | | Jul 17, 2017 | An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. |
| CVE-2017-10981 | | High | 0.49 | 7.5 | 0.03 | | Jul 17, 2017 | An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. |
| CVE-2017-10980 | | High | 0.49 | 7.5 | 0.03 | | Jul 17, 2017 | An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. |
| CVE-2017-10978 | | High | 0.49 | 7.5 | 0.03 | | Jul 17, 2017 | An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. |
| CVE-2015-4680 | | High | 0.49 | 7.5 | 0.02 | | Apr 5, 2017 | FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. |
| CVE-2015-8762 | | Medium | 0.38 | 5.9 | 0.02 | | Mar 27, 2017 | The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet. |
| CVE-2003-0967 | | | 0.03 | — | 0.05 | | Dec 15, 2003 | rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute. |
| CVE-2019-11234 | | | 0.02 | — | 0.08 | | Apr 21, 2019 | FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. |
| CVE-2019-11235 | | | 0.01 | — | 0.04 | | Apr 21, 2019 | FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and… |
| CVE-2001-1376 | | | 0.01 | — | 0.09 | | Mar 4, 2002 | Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data. |