Vulnerabilities > Freeradius > Freeradius > 3.0.19
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-17 | CVE-2022-41860 | NULL Pointer Dereference vulnerability in Freeradius In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. | 7.5 |
2023-01-17 | CVE-2022-41861 | Improper Input Validation vulnerability in Freeradius A flaw was found in freeradius. | 6.5 |
2020-03-21 | CVE-2019-17185 | Improper Synchronization vulnerability in multiple products In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. | 5.0 |
2019-12-03 | CVE-2019-13456 | Information Exposure Through Discrepancy vulnerability in multiple products In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. | 2.9 |
2019-05-24 | CVE-2019-10143 | Incorrect Privilege Assignment vulnerability in multiple products It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. | 7.0 |