Vulnerabilities > Freeradius > Freeradius > 2.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-3596 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in multiple products RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | 9.0 |
| 2023-01-17 | CVE-2022-41859 | Insufficiently Protected Credentials vulnerability in Freeradius In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. | 7.5 |
| 2023-01-17 | CVE-2022-41860 | Unspecified vulnerability in Freeradius In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. | 7.5 |
| 2023-01-17 | CVE-2022-41861 | Improper Input Validation vulnerability in Freeradius A flaw was found in freeradius. | 6.5 |
| 2019-05-24 | CVE-2019-10143 | It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. | 7.0 |
| 2019-04-22 | CVE-2019-11235 | Insufficient Verification of Data Authenticity vulnerability in multiple products FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. | 9.8 |
| 2019-04-22 | CVE-2019-11234 | Improper Authentication vulnerability in multiple products FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. | 9.8 |
| 2017-07-17 | CVE-2017-10983 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freeradius An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. | 7.5 |
| 2017-07-17 | CVE-2017-10982 | Out-of-bounds Read vulnerability in Freeradius An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. | 7.5 |
| 2017-07-17 | CVE-2017-10981 | Missing Release of Resource after Effective Lifetime vulnerability in Freeradius An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. | 7.5 |