CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41859 – freeradius: Information leakage in EAP-PWD
https://notcve.org/view.php?id=CVE-2022-41859
17 Jan 2023 — In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. En freeradius, la función EAP-PWD Compute_password_element() filtra información sobre la contraseña, lo que permite a un atacante reducir sustancialmente el tamaño de un ataque de diccionario fuera de línea. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, ... • https://freeradius.org/security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41861 – freeradius: Crash on invalid abinary data
https://notcve.org/view.php?id=CVE-2022-41861
04 Jan 2023 — A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. • https://freeradius.org/security • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41860 – freeradius: Crash on unknown option in EAP-SIM
https://notcve.org/view.php?id=CVE-2022-41860
04 Jan 2023 — In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash. En freeradius, cuando un solicitante de EAP-SIM envía una opción SIM desconocida, el servidor intentará buscar esa opción en los diccionarios internos. Esta búsqueda fallará, pero el código SIM no verificará ese error. • https://freeradius.org/security • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 3CVE-2019-10143 – freeradius: privilege escalation due to insecure logrotate configuration
https://notcve.org/view.php?id=CVE-2019-10143
24 May 2019 — It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." ** EN DISPUTA **Se encontró que freeradius hasta la ... • https://packetstorm.news/files/id/155361 • CWE-250: Execution with Unnecessary Privileges CWE-266: Incorrect Privilege Assignment CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2019-11235 – freeradius: eap-pwd: authentication bypass via an invalid curve attack
https://notcve.org/view.php?id=CVE-2019-11235
21 Apr 2019 — FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. FreeRADIUS versión anterior a 3.0.19 no maneja correctamente el mecanismo de protección "cada participante verifica que el escalar recibido está dentro de un rango, y que el elemento de grupo recibido es un punto válido en... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11234 – freeradius: eap-pwd: fake authentication using reflection
https://notcve.org/view.php?id=CVE-2019-11234
21 Apr 2019 — FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. FreeRADIUS antes de 3.0.19 no impide el uso de la reflexión para la autenticación de spoofing, también conocido como "Dragonblood", un problema similar al CVE-2019-9497. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. I... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 19EXPL: 0CVE-2017-10978 – freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret()
https://notcve.org/view.php?id=CVE-2017-10978
17 Jul 2017 — An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. Un problema FR-GV-201 en FreeRADIUS versión 2.x anterior a 2.2.10 y versión 3.x anterior a 3.0.15, permite un "Read / write overflow in make_secret()" y una denegación de servicio. An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a spe... • http://freeradius.org/security/fuzzer-2017.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2017-10980 – freeradius: Memory leak in decode_tlv()
https://notcve.org/view.php?id=CVE-2017-10980
17 Jul 2017 — An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. Un problema FR-GV-203 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Memory leak in decode_tlv()" y una denegación de servicio. A memory leak flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to cause the FreeRADIUS server to consume an increasing amount of memory resources over time possibly leading to a c... • http://freeradius.org/security/fuzzer-2017.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2017-10981 – freeradius: Memory leak in fr_dhcp_decode()
https://notcve.org/view.php?id=CVE-2017-10981
17 Jul 2017 — An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. Un problema FR-GV-204 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Memory leak in fr_dhcp_decode()" y una denegación de servicio. A memory leak flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leadi... • http://freeradius.org/security/fuzzer-2017.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 0CVE-2017-10983 – freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63
https://notcve.org/view.php?id=CVE-2017-10983
17 Jul 2017 — An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. Un problema FR-GV-206 en FreeRADIUS versión 2.x anterior a 2.2.10 y versión 3.x anterior a 3.0.15, permite una "DHCP - Read overflow when decoding option 63" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by ... • http://freeradius.org/security/fuzzer-2017.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •