Known Vulnerabilities for products from Freeradius
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Freeradius".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-3596 json | RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Acces... | Not Provided | 2024-07-09 | 2026-05-12 |
| CVE-2022-41861 json | A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cau... | 6.5 - MEDIUM | 2023-01-17 | 2023-07-10 |
| CVE-2022-41860 json | In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the inte... | 7.5 - HIGH | 2023-01-17 | 2023-01-24 |
| CVE-2022-41859 json | In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker ... | 7.5 - HIGH | 2023-01-17 | 2023-01-24 |
| CVE-2019-17185 json | In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This me... | 7.5 - HIGH | 2020-03-21 | 2022-04-22 |
| CVE-2019-13456 json | In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be ... | 6.5 - MEDIUM | 2019-12-03 | 2022-01-01 |
| CVE-2019-11235 json | FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the r... | 9.8 - CRITICAL | 2019-04-22 | 2019-05-13 |
| CVE-2019-11234 json | FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar... | 9.8 - CRITICAL | 2019-04-22 | 2019-05-13 |
| CVE-2019-10143 json | ** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowi... | 7 - HIGH | 2019-05-24 | 2023-11-07 |
| CVE-2017-10987 json | An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a deni... | 7.5 - HIGH | 2017-07-17 | 2019-10-03 |
| CVE-2017-10986 json | An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. | 7.5 - HIGH | 2017-07-17 | 2019-10-03 |
| CVE-2017-10985 json | An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and ... | 7.5 - HIGH | 2017-07-17 | 2019-10-03 |
| CVE-2017-10984 json | An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers ... | 9.8 - CRITICAL | 2017-07-17 | 2018-01-05 |
| CVE-2017-10983 json | An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63... | 7.5 - HIGH | 2017-07-17 | 2018-01-05 |
| CVE-2017-10982 json | An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial ... | 7.5 - HIGH | 2017-07-17 | 2019-10-03 |
| CVE-2017-10981 json | An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. | 7.5 - HIGH | 2017-07-17 | 2019-10-03 |
| CVE-2017-10980 json | An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. | 7.5 - HIGH | 2017-07-17 | 2019-10-03 |
| CVE-2017-10979 json | An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers t... | 9.8 - CRITICAL | 2017-07-17 | 2018-01-05 |
| CVE-2017-10978 json | An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and ... | 7.5 - HIGH | 2017-07-17 | 2019-07-03 |
| CVE-2017-9148 json | The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-... | 9.8 - CRITICAL | 2017-05-29 | 2018-01-05 |
Known software with vulnerabilities from Freeradius
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Freeradius | Freeradius | 0.1 |
| Application | Freeradius | Pam Radius | 1.3.17 |