Search criteria
101 vulnerabilities found for freeradius by freeradius
CVE-2024-3596 (GCVE-0-2024-3596)
Vulnerability from nvd – Published: 2024-07-09 12:02 – Updated: 2025-11-04 17:20
VLAI?
Title
RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.
Summary
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Severity ?
9 (Critical)
CWE
Assigner
References
Credits
Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ietf:rfc:2865:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rfc",
"vendor": "ietf",
"versions": [
{
"status": "affected",
"version": "2865"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T03:55:37.141738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T21:05:25.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:52.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240822-0001/"
},
{
"url": "https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol"
},
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc2865"
},
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
},
{
"tags": [
"x_transferred"
],
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.blastradius.fail/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
},
{
"url": "https://www.kb.cert.org/vuls/id/456537"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RFC",
"vendor": "IETF",
"versions": [
{
"status": "affected",
"version": "2865"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability"
}
],
"descriptions": [
{
"lang": "en",
"value": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-328: Use of Weak Hash",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T17:29:16.788Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/html/rfc2865"
},
{
"url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
},
{
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
},
{
"url": "https://www.blastradius.fail/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
},
{
"name": "Siemens Security Advisory by Siemens ProductCERT for SIPROTEC, SICAM and related product",
"tags": [
"vendor-advisory"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-794185.html"
},
{
"name": "Siemens Security Advisory by Siemens ProductCERT to SCALANCE, RUGGEDCOM and related products.",
"tags": [
"vendor-advisory"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-723487.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.",
"x_generator": {
"engine": "VINCE 3.0.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3596"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-3596",
"datePublished": "2024-07-09T12:02:53.001Z",
"dateReserved": "2024-04-10T15:09:45.391Z",
"dateUpdated": "2025-11-04T17:20:52.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-41861 (GCVE-0-2022-41861)
Vulnerability from nvd – Published: 2023-01-17 00:00 – Updated: 2025-11-03 19:27
VLAI?
Summary
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
Severity ?
6.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | freeradius |
Affected:
All versions from 0.0.1 to 3.0.25
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:40.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00030.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:27:46.890633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:28:17.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "freeradius",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions from 0.0.1 to 3.0.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://freeradius.org/security/"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-41861",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:27:40.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-41860 (GCVE-0-2022-41860)
Vulnerability from nvd – Published: 2023-01-17 00:00 – Updated: 2025-11-03 19:27
VLAI?
Summary
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
Severity ?
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | freeradius |
Affected:
All versions from 0.9.3 to 3.0.25
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:38.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00030.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:39:17.283850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:39:35.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "freeradius",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions from 0.9.3 to 3.0.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://freeradius.org/security/"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-41860",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:27:38.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-41859 (GCVE-0-2022-41859)
Vulnerability from nvd – Published: 2023-01-17 00:00 – Updated: 2025-11-03 19:27
VLAI?
Summary
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
Severity ?
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | freeradius |
Affected:
unknown
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:37.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00030.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:40:02.278497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:40:36.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "freeradius",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://freeradius.org/security/"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-41859",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:27:37.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-17185 (GCVE-0-2019-17185)
Vulnerability from nvd – Published: 2020-03-21 00:13 – Updated: 2024-08-05 01:33
VLAI?
Summary
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
},
{
"name": "openSUSE-SU-2020:0553",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-26T17:06:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
},
{
"name": "openSUSE-SU-2020:0553",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://freeradius.org/security/",
"refsource": "MISC",
"url": "https://freeradius.org/security/"
},
{
"name": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20",
"refsource": "CONFIRM",
"url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
},
{
"name": "openSUSE-SU-2020:0553",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17185",
"datePublished": "2020-03-21T00:13:05",
"dateReserved": "2019-10-04T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13456 (GCVE-0-2019-13456)
Vulnerability from nvd – Published: 2019-12-03 19:53 – Updated: 2024-08-04 23:49
VLAI?
Summary
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpa3.mathyvanhoef.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"
},
{
"name": "openSUSE-SU-2020:0553",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-26T17:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpa3.mathyvanhoef.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"
},
{
"name": "openSUSE-SU-2020:0553",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://freeradius.org/security/",
"refsource": "MISC",
"url": "https://freeradius.org/security/"
},
{
"name": "https://wpa3.mathyvanhoef.com",
"refsource": "MISC",
"url": "https://wpa3.mathyvanhoef.com"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663"
},
{
"name": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa",
"refsource": "CONFIRM",
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"
},
{
"name": "openSUSE-SU-2020:0553",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13456",
"datePublished": "2019-12-03T19:53:53",
"dateReserved": "2019-07-09T00:00:00",
"dateUpdated": "2024-08-04T23:49:25.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10143 (GCVE-0-2019-10143)
Vulnerability from nvd – Published: 2019-05-24 00:00 – Updated: 2024-08-04 22:10 Disputed
VLAI?
Summary
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
Severity ?
6.4 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| freeradius | freeradius |
Affected:
affects <= 3.0.19
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freeradius",
"vendor": "freeradius",
"versions": [
{
"lessThanOrEqual": "3.0.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "30"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "29"
}
]
},
{
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_linux",
"vendor": "redhat",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-10143",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T19:23:06.388705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T19:24:21.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-4a8eeaf80e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/"
},
{
"name": "FEDORA-2019-9454ce61b2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/"
},
{
"name": "RHSA-2019:3353",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3353"
},
{
"name": "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Nov/14"
},
{
"tags": [
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/pull/2666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "freeradius",
"vendor": "freeradius",
"versions": [
{
"status": "affected",
"version": "affects \u003c= 3.0.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\""
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-12T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2019-4a8eeaf80e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/"
},
{
"name": "FEDORA-2019-9454ce61b2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/"
},
{
"name": "RHSA-2019:3353",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3353"
},
{
"name": "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/Nov/14"
},
{
"url": "https://freeradius.org/security/"
},
{
"url": "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/pull/2666"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10143",
"datePublished": "2019-05-24T00:00:00",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:10.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11235 (GCVE-0-2019-11235)
Vulnerability from nvd – Published: 2019-04-21 16:40 – Updated: 2024-08-04 22:48
VLAI?
Summary
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
},
{
"name": "USN-3954-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T15:06:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
},
{
"name": "USN-3954-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19",
"refsource": "MISC",
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"name": "https://papers.mathyvanhoef.com/dragonblood.pdf",
"refsource": "MISC",
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"name": "https://www.kb.cert.org/vuls/id/871675/",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"name": "https://freeradius.org/security/",
"refsource": "MISC",
"url": "https://freeradius.org/security/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
},
{
"name": "USN-3954-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11235",
"datePublished": "2019-04-21T16:40:32",
"dateReserved": "2019-04-15T00:00:00",
"dateUpdated": "2024-08-04T22:48:08.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11234 (GCVE-0-2019-11234)
Vulnerability from nvd – Published: 2019-04-21 16:36 – Updated: 2024-08-04 22:48
VLAI?
Summary
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
},
{
"name": "USN-3954-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T15:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
},
{
"name": "USN-3954-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19",
"refsource": "MISC",
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"name": "https://papers.mathyvanhoef.com/dragonblood.pdf",
"refsource": "MISC",
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"name": "https://www.kb.cert.org/vuls/id/871675/",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"name": "https://freeradius.org/security/",
"refsource": "MISC",
"url": "https://freeradius.org/security/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
},
{
"name": "USN-3954-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11234",
"datePublished": "2019-04-21T16:36:48",
"dateReserved": "2019-04-15T00:00:00",
"dateUpdated": "2024-08-04T22:48:08.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10987 (GCVE-0-2017-10987)
Vulnerability from nvd – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI?
Summary
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99970",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99970"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99970",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99970"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99970"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10987",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:56.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10986 (GCVE-0-2017-10986)
Vulnerability from nvd – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI?
Summary
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99971",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99971"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Infinite read in dhcp_attr2vp()\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99971",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99971"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Infinite read in dhcp_attr2vp()\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99971"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10986",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:56.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10985 (GCVE-0-2017-10985)
Vulnerability from nvd – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI?
Summary
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "99968",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99968"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with \u0027concat\u0027 attributes\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "99968",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99968"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with \u0027concat\u0027 attributes\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "99968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99968"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10985",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:56.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10984 (GCVE-0-2017-10984)
Vulnerability from nvd – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI?
Summary
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:57.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99876",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99876"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows \"Write overflow in data2vp_wimax()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99876",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99876"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows \"Write overflow in data2vp_wimax()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99876"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10984",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:57.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10983 (GCVE-0-2017-10983)
Vulnerability from nvd – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI?
Summary
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:57.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "99915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99915"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"DHCP - Read overflow when decoding option 63\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "99915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99915"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"DHCP - Read overflow when decoding option 63\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "99915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99915"
},
{
"name": "RHSA-2017:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10983",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:57.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10982 (GCVE-0-2017-10982)
Vulnerability from nvd – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI?
Summary
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "99912",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99912"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "99912",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99912"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "99912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99912"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10982",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:56.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10981 (GCVE-0-2017-10981)
Vulnerability from nvd – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI?
Summary
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:57.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99898",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in fr_dhcp_decode()\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99898",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in fr_dhcp_decode()\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99898",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10981",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:57.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10980 (GCVE-0-2017-10980)
Vulnerability from nvd – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI?
Summary
An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:57.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "99905",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99905"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in decode_tlv()\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "99905",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99905"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in decode_tlv()\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "99905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99905"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10980",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:57.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10979 (GCVE-0-2017-10979)
Vulnerability from nvd – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI?
Summary
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10979",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:56.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3596 (GCVE-0-2024-3596)
Vulnerability from cvelistv5 – Published: 2024-07-09 12:02 – Updated: 2025-11-04 17:20
VLAI?
Title
RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.
Summary
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Severity ?
9 (Critical)
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Credits
Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ietf:rfc:2865:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rfc",
"vendor": "ietf",
"versions": [
{
"status": "affected",
"version": "2865"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T03:55:37.141738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T21:05:25.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:52.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240822-0001/"
},
{
"url": "https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol"
},
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc2865"
},
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
},
{
"tags": [
"x_transferred"
],
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.blastradius.fail/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
},
{
"url": "https://www.kb.cert.org/vuls/id/456537"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RFC",
"vendor": "IETF",
"versions": [
{
"status": "affected",
"version": "2865"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability"
}
],
"descriptions": [
{
"lang": "en",
"value": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-328: Use of Weak Hash",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T17:29:16.788Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/html/rfc2865"
},
{
"url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
},
{
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
},
{
"url": "https://www.blastradius.fail/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
},
{
"name": "Siemens Security Advisory by Siemens ProductCERT for SIPROTEC, SICAM and related product",
"tags": [
"vendor-advisory"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-794185.html"
},
{
"name": "Siemens Security Advisory by Siemens ProductCERT to SCALANCE, RUGGEDCOM and related products.",
"tags": [
"vendor-advisory"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-723487.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.",
"x_generator": {
"engine": "VINCE 3.0.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3596"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-3596",
"datePublished": "2024-07-09T12:02:53.001Z",
"dateReserved": "2024-04-10T15:09:45.391Z",
"dateUpdated": "2025-11-04T17:20:52.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-41861 (GCVE-0-2022-41861)
Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-11-03 19:27
VLAI?
Summary
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
Severity ?
6.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | freeradius |
Affected:
All versions from 0.0.1 to 3.0.25
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:40.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00030.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:27:46.890633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:28:17.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "freeradius",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions from 0.0.1 to 3.0.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://freeradius.org/security/"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-41861",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:27:40.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-41860 (GCVE-0-2022-41860)
Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-11-03 19:27
VLAI?
Summary
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
Severity ?
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | freeradius |
Affected:
All versions from 0.9.3 to 3.0.25
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:38.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00030.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:39:17.283850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:39:35.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "freeradius",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions from 0.9.3 to 3.0.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://freeradius.org/security/"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-41860",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:27:38.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-41859 (GCVE-0-2022-41859)
Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-11-03 19:27
VLAI?
Summary
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
Severity ?
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | freeradius |
Affected:
unknown
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:37.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00030.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:40:02.278497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:40:36.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "freeradius",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://freeradius.org/security/"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-41859",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:27:37.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-17185 (GCVE-0-2019-17185)
Vulnerability from cvelistv5 – Published: 2020-03-21 00:13 – Updated: 2024-08-05 01:33
VLAI?
Summary
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
},
{
"name": "openSUSE-SU-2020:0553",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-26T17:06:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
},
{
"name": "openSUSE-SU-2020:0553",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://freeradius.org/security/",
"refsource": "MISC",
"url": "https://freeradius.org/security/"
},
{
"name": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20",
"refsource": "CONFIRM",
"url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
},
{
"name": "openSUSE-SU-2020:0553",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17185",
"datePublished": "2020-03-21T00:13:05",
"dateReserved": "2019-10-04T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13456 (GCVE-0-2019-13456)
Vulnerability from cvelistv5 – Published: 2019-12-03 19:53 – Updated: 2024-08-04 23:49
VLAI?
Summary
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpa3.mathyvanhoef.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"
},
{
"name": "openSUSE-SU-2020:0553",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-26T17:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpa3.mathyvanhoef.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"
},
{
"name": "openSUSE-SU-2020:0553",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://freeradius.org/security/",
"refsource": "MISC",
"url": "https://freeradius.org/security/"
},
{
"name": "https://wpa3.mathyvanhoef.com",
"refsource": "MISC",
"url": "https://wpa3.mathyvanhoef.com"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663"
},
{
"name": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa",
"refsource": "CONFIRM",
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"
},
{
"name": "openSUSE-SU-2020:0553",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13456",
"datePublished": "2019-12-03T19:53:53",
"dateReserved": "2019-07-09T00:00:00",
"dateUpdated": "2024-08-04T23:49:25.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10143 (GCVE-0-2019-10143)
Vulnerability from cvelistv5 – Published: 2019-05-24 00:00 – Updated: 2024-08-04 22:10 Disputed
VLAI?
Summary
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
Severity ?
6.4 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| freeradius | freeradius |
Affected:
affects <= 3.0.19
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freeradius",
"vendor": "freeradius",
"versions": [
{
"lessThanOrEqual": "3.0.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "30"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "29"
}
]
},
{
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_linux",
"vendor": "redhat",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-10143",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T19:23:06.388705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T19:24:21.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-4a8eeaf80e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/"
},
{
"name": "FEDORA-2019-9454ce61b2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/"
},
{
"name": "RHSA-2019:3353",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3353"
},
{
"name": "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Nov/14"
},
{
"tags": [
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/pull/2666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "freeradius",
"vendor": "freeradius",
"versions": [
{
"status": "affected",
"version": "affects \u003c= 3.0.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\""
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-12T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2019-4a8eeaf80e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/"
},
{
"name": "FEDORA-2019-9454ce61b2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/"
},
{
"name": "RHSA-2019:3353",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3353"
},
{
"name": "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/Nov/14"
},
{
"url": "https://freeradius.org/security/"
},
{
"url": "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/pull/2666"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10143",
"datePublished": "2019-05-24T00:00:00",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:10.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11235 (GCVE-0-2019-11235)
Vulnerability from cvelistv5 – Published: 2019-04-21 16:40 – Updated: 2024-08-04 22:48
VLAI?
Summary
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
},
{
"name": "USN-3954-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T15:06:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
},
{
"name": "USN-3954-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19",
"refsource": "MISC",
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"name": "https://papers.mathyvanhoef.com/dragonblood.pdf",
"refsource": "MISC",
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"name": "https://www.kb.cert.org/vuls/id/871675/",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"name": "https://freeradius.org/security/",
"refsource": "MISC",
"url": "https://freeradius.org/security/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
},
{
"name": "USN-3954-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11235",
"datePublished": "2019-04-21T16:40:32",
"dateReserved": "2019-04-15T00:00:00",
"dateUpdated": "2024-08-04T22:48:08.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11234 (GCVE-0-2019-11234)
Vulnerability from cvelistv5 – Published: 2019-04-21 16:36 – Updated: 2024-08-04 22:48
VLAI?
Summary
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
},
{
"name": "USN-3954-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T15:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
},
{
"name": "USN-3954-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19",
"refsource": "MISC",
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"name": "https://papers.mathyvanhoef.com/dragonblood.pdf",
"refsource": "MISC",
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"name": "https://www.kb.cert.org/vuls/id/871675/",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"name": "https://freeradius.org/security/",
"refsource": "MISC",
"url": "https://freeradius.org/security/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
},
{
"name": "USN-3954-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11234",
"datePublished": "2019-04-21T16:36:48",
"dateReserved": "2019-04-15T00:00:00",
"dateUpdated": "2024-08-04T22:48:08.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2024-AVI-0550
Vulnerability from certfr_avis - Published: 2024-07-09 - Updated: 2024-07-09
Une vulnérabilité a été découverte dans le protocole RADIUS. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| FreeRadius | FreeRADIUS | FreeRadius versions 3.2.x antérieures à 3.2.5 FreeRadius versions antérieures à 3.0.27 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FreeRadius versions 3.2.x ant\u00e9rieures \u00e0 3.2.5\nFreeRadius versions ant\u00e9rieures \u00e0 3.0.27",
"product": {
"name": "FreeRADIUS",
"vendor": {
"name": "FreeRadius",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
}
],
"initial_release_date": "2024-07-09T00:00:00",
"last_revision_date": "2024-07-09T00:00:00",
"links": [
{
"title": "Avis de s\u00e9curit\u00e9 CERT Carnegie Mellon University VU#456537 du 09 juillet 2024",
"url": "https://kb.cert.org/vuls/id/456537"
}
],
"reference": "CERTFR-2024-AVI-0550",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le protocole RADIUS. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans le protocole RADIUS",
"vendor_advisories": [
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 FreeRadius",
"url": "https://www.freeradius.org/security/"
}
]
}
CERTFR-2024-AVI-0494
Vulnerability from certfr_avis - Published: 2024-06-14 - Updated: 2024-06-21
Une vulnérabilité a été découverte dans FreeRADIUS. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| FreeRadius | FreeRADIUS | FreeRADIUS versions antérieures à 3.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FreeRADIUS versions ant\u00e9rieures \u00e0 3.2",
"product": {
"name": "FreeRADIUS",
"vendor": {
"name": "FreeRadius",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2024-06-14T00:00:00",
"last_revision_date": "2024-06-21T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0494",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-14T00:00:00.000000"
},
{
"description": "L\u0027\u00e9diteur \u00e0 retir\u00e9 son bulletin de s\u00e9curit\u00e9",
"revision_date": "2024-06-17T00:00:00.000000"
},
{
"description": "L\u0027\u00e9diteur a compl\u00e9tement supprim\u00e9 son avis",
"revision_date": "2024-06-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans FreeRADIUS. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Vuln\u00e9rabilit\u00e9 dans FreeRADIUS",
"vendor_advisories": [
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 FreeRadius security",
"url": "https://freeradius.org/security/"
}
]
}
CERTFR-2022-AVI-384
Vulnerability from certfr_avis - Published: 2022-04-25 - Updated: 2022-04-25
De multiples vulnérabilités ont été découvertes dans FreeRADIUS Server. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| FreeRadius | FreeRADIUS | FreeRADIUS versions 0.0.1 à 3.0.25 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FreeRADIUS versions 0.0.1 \u00e0 3.0.25",
"product": {
"name": "FreeRADIUS",
"vendor": {
"name": "FreeRadius",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2022-04-25T00:00:00",
"last_revision_date": "2022-04-25T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-384",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans FreeRADIUS Server.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans FreeRADIUS Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FreeRADIUS du 22 avril 2022",
"url": "https://freeradius.org/security/"
}
]
}