Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Freeradius Subscribe
Filtered by product Freeradius
Total 47 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-4680 2 Freeradius, Suse 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit 2018-10-09 5.0 MEDIUM 7.5 HIGH
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
CVE-2011-2701 1 Freeradius 1 Freeradius 2018-10-09 5.8 MEDIUM N/A
The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.
CVE-2017-9148 1 Freeradius 1 Freeradius 2018-01-04 7.5 HIGH 9.8 CRITICAL
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
CVE-2017-10984 1 Freeradius 1 Freeradius 2018-01-04 7.5 HIGH 9.8 CRITICAL
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
CVE-2017-10983 1 Freeradius 1 Freeradius 2018-01-04 5.0 MEDIUM 7.5 HIGH
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
CVE-2017-10979 1 Freeradius 1 Freeradius 2018-01-04 7.5 HIGH 9.8 CRITICAL
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
CVE-2014-2015 1 Freeradius 1 Freeradius 2018-01-04 7.5 HIGH N/A
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
CVE-2007-2028 1 Freeradius 1 Freeradius 2017-10-10 5.0 MEDIUM N/A
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
CVE-2005-1455 1 Freeradius 1 Freeradius 2017-10-10 7.5 HIGH N/A
Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).
CVE-2005-1454 1 Freeradius 1 Freeradius 2017-10-10 7.5 HIGH N/A
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.
CVE-2006-1354 1 Freeradius 1 Freeradius 2017-10-10 7.5 HIGH N/A
Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
CVE-2003-0967 1 Freeradius 1 Freeradius 2017-10-10 5.0 MEDIUM N/A
rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.
CVE-2004-0960 2 Freeradius, Redhat 3 Freeradius, Enterprise Linux, Fedora Core 2017-10-10 5.0 MEDIUM N/A
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.
CVE-2004-0961 2 Freeradius, Redhat 3 Freeradius, Enterprise Linux, Fedora Core 2017-10-10 5.0 MEDIUM N/A
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.
CVE-2004-0938 1 Freeradius 1 Freeradius 2017-10-10 5.0 MEDIUM N/A
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
CVE-2009-3111 1 Freeradius 1 Freeradius 2017-09-18 5.0 MEDIUM N/A
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
CVE-2012-3547 1 Freeradius 1 Freeradius 2017-08-28 6.8 MEDIUM N/A
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
CVE-2015-8762 1 Freeradius 1 Freeradius 2017-03-30 4.3 MEDIUM 5.9 MEDIUM
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
CVE-2015-8764 1 Freeradius 1 Freeradius 2017-03-30 6.8 MEDIUM 8.1 HIGH
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
CVE-2015-8763 1 Freeradius 1 Freeradius 2017-03-30 6.8 MEDIUM 8.1 HIGH
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.