Vulnerabilities > Freeradius > Freeradius > 3.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-10984 | Out-of-bounds Write vulnerability in Freeradius An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | 7.5 |
| 2017-07-17 | CVE-2017-10983 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freeradius An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. | 5.0 |
| 2017-07-17 | CVE-2017-10978 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. | 5.0 |
| 2017-05-29 | CVE-2017-9148 | Improper Authentication vulnerability in Freeradius The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. | 7.5 |
| 2017-04-05 | CVE-2015-4680 | Improper Certificate Validation vulnerability in multiple products FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | 5.0 |
| 2017-03-27 | CVE-2015-8764 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freeradius Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. | 6.8 |
| 2017-03-27 | CVE-2015-8763 | Out-of-bounds Read vulnerability in Freeradius The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. | 6.8 |
| 2017-03-27 | CVE-2015-8762 | NULL Pointer Dereference vulnerability in Freeradius The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet. | 4.3 |
| 2014-11-02 | CVE-2014-2015 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freeradius Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. | 7.5 |