Vulnerabilities > Freeradius

DATE CVE VULNERABILITY TITLE RISK
2020-03-21 CVE-2019-17185 Improper Input Validation vulnerability in Freeradius
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes.
network
low complexity
freeradius CWE-20
5.0
2020-02-24 CVE-2015-9542 Out-Of-Bounds Write vulnerability in multiple products
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy().
network
low complexity
freeradius debian canonical CWE-787
5.0
2019-12-03 CVE-2019-13456 Information Exposure vulnerability in multiple products
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop.
2.9
2019-05-24 CVE-2019-10143 Permissions, Privileges, and Access Controls vulnerability in multiple products
** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user.
6.9
2019-04-22 CVE-2019-11235 Insufficient Verification of Data Authenticity vulnerability in multiple products
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
7.5
2019-04-22 CVE-2019-11234 Improper Authentication vulnerability in multiple products
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
7.5
2017-07-17 CVE-2017-10987 Out-Of-Bounds Read vulnerability in Freeradius
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
network
low complexity
freeradius CWE-125
5.0
2017-07-17 CVE-2017-10986 Infinite Loop vulnerability in Freeradius
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
network
low complexity
freeradius CWE-835
5.0
2017-07-17 CVE-2017-10985 Infinite Loop vulnerability in Freeradius
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
network
low complexity
freeradius CWE-835
7.8
2017-07-17 CVE-2017-10984 Out-Of-Bounds Write vulnerability in Freeradius
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
network
low complexity
freeradius CWE-787
7.5