CVE-2019-17185

freeradius: eap-pwd: DoS issues due to multithreaded BN_CTX access

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.

En FreeRADIUS versiones 3.0.x anteriores a 3.0.20, el módulo EAP-pwd utilizó una instancia OpenSSL BN_CTX global para manejar todos los protocolos de enlace. Esto significa que varios subprocesos utilizan la misma instancia de BN_CTX simultáneamente, resultando en bloqueos cuando los protocolos de enlace EAP-pwd son iniciados. Esto puede ser abusado por un adversario como un ataque de Denegación de Servicio (DoS).

It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. Shane Guan discovered that FreeRADIUS incorrectly handled memory when checking unknown SIM option sent by EAP-SIM supplicant. An attacker could possibly use this issue to cause a denial of service on the server. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-10-04 CVE Reserved
2020-03-21 CVE Published
2024-08-05 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context
CWE-662: Improper Synchronization

CAPEC

References (5)

URL	Tag	Source
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20	Release Notes

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html	2022-04-22
https://freeradius.org/security	2022-04-22
https://access.redhat.com/security/cve/CVE-2019-17185	2020-11-04
https://bugzilla.redhat.com/show_bug.cgi?id=1816680	2020-11-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Freeradius Search vendor "Freeradius"		Freeradius Search vendor "Freeradius" for product "Freeradius"				>= 3.0.0 < 3.0.20 Search vendor "Freeradius" for product "Freeradius" and version " >= 3.0.0 < 3.0.20"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected