Vulnerabilities > Freeradius > Freeradius > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-17 CVE-2022-41859 Insufficiently Protected Credentials vulnerability in Freeradius
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
network
low complexity
freeradius CWE-522
7.5
2023-01-17 CVE-2022-41860 NULL Pointer Dereference vulnerability in Freeradius
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries.
network
low complexity
freeradius CWE-476
7.5
2019-05-24 CVE-2019-10143 Incorrect Privilege Assignment vulnerability in multiple products
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user.
local
high complexity
freeradius fedoraproject redhat CWE-266
7.0
2019-04-22 CVE-2019-11235 Insufficient Verification of Data Authenticity vulnerability in multiple products
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
7.5
2019-04-22 CVE-2019-11234 Improper Authentication vulnerability in multiple products
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
7.5
2017-07-17 CVE-2017-10985 Infinite Loop vulnerability in Freeradius
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
network
low complexity
freeradius CWE-835
7.8
2017-07-17 CVE-2017-10984 Out-of-bounds Write vulnerability in Freeradius
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
network
low complexity
freeradius CWE-787
7.5
2017-07-17 CVE-2017-10979 Out-of-bounds Write vulnerability in Freeradius
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
network
low complexity
freeradius CWE-787
7.5
2017-05-29 CVE-2017-9148 Improper Authentication vulnerability in Freeradius
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
network
low complexity
freeradius CWE-287
7.5
2014-11-02 CVE-2014-2015 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freeradius
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
network
low complexity
freeradius CWE-119
7.5