Known Vulnerabilities for products from Freeradius
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Freeradius".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-41861 | A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cau... | 6.5 - MEDIUM | 2023-01-17 | 2023-07-10 |
| CVE-2022-41860 | In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the inte... | 7.5 - HIGH | 2023-01-17 | 2023-01-24 |
| CVE-2022-41859 | In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker ... | 7.5 - HIGH | 2023-01-17 | 2023-01-24 |
| CVE-2019-17185 | In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This me... | 7.5 - HIGH | 2020-03-21 | 2022-04-22 |
| CVE-2019-13456 | In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be ... | 6.5 - MEDIUM | 2019-12-03 | 2022-01-01 |
| CVE-2019-11235 | FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the r... | 9.8 - CRITICAL | 2019-04-22 | 2019-05-13 |
| CVE-2019-11234 | FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar... | 9.8 - CRITICAL | 2019-04-22 | 2019-05-13 |
| CVE-2019-10143 | ** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowi... | 7 - HIGH | 2019-05-24 | 2023-11-07 |
| CVE-2017-10987 | An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a deni... | 7.5 - HIGH | 2017-07-17 | 2019-10-03 |
| CVE-2017-10986 | An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. | 7.5 - HIGH | 2017-07-17 | 2019-10-03 |
| CVE-2017-10985 | An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and ... | 7.5 - HIGH | 2017-07-17 | 2019-10-03 |
| CVE-2017-10984 | An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers ... | 9.8 - CRITICAL | 2017-07-17 | 2018-01-05 |
| CVE-2017-10983 | An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63... | 7.5 - HIGH | 2017-07-17 | 2018-01-05 |
| CVE-2017-10982 | An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial ... | 7.5 - HIGH | 2017-07-17 | 2019-10-03 |
| CVE-2017-10981 | An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. | 7.5 - HIGH | 2017-07-17 | 2019-10-03 |
| CVE-2017-10980 | An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. | 7.5 - HIGH | 2017-07-17 | 2019-10-03 |
| CVE-2017-10979 | An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers t... | 9.8 - CRITICAL | 2017-07-17 | 2018-01-05 |
| CVE-2017-10978 | An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and ... | 7.5 - HIGH | 2017-07-17 | 2019-07-03 |
| CVE-2017-9148 | The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-... | 9.8 - CRITICAL | 2017-05-29 | 2018-01-05 |
| CVE-2015-9542 | add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulne... | 7.5 - HIGH | 2020-02-24 | 2020-08-14 |
Known software with vulnerabilities from Freeradius
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Freeradius | Freeradius | 0.1 |
| Application | Freeradius | Pam Radius | 1.3.17 |