Vulnerabilities > Freeradius

DATE CVE VULNERABILITY TITLE RISK
2017-04-05 CVE-2015-4680 Improper Certificate Validation vulnerability in multiple products
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
network
low complexity
freeradius suse CWE-295
5.0
2017-03-27 CVE-2015-8764 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freeradius
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
6.8
2017-03-27 CVE-2015-8763 Out-of-bounds Read vulnerability in Freeradius
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
6.8
2017-03-27 CVE-2015-8762 NULL Pointer Dereference vulnerability in Freeradius
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
4.3
2014-11-02 CVE-2014-2015 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freeradius
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
network
low complexity
freeradius CWE-119
7.5
2013-03-12 CVE-2011-4966 Credentials Management vulnerability in Freeradius
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
6.0
2012-09-18 CVE-2012-3547 Buffer Errors vulnerability in Freeradius 2.1.10/2.1.11/2.1.12
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
6.8
2011-08-04 CVE-2011-2701 Improper Authentication vulnerability in Freeradius 2.1.11
The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.
5.8
2010-10-07 CVE-2010-3697 Resource Management Errors vulnerability in Freeradius
The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.
4.3
2009-09-09 CVE-2009-3111 Denial of Service vulnerability in FreeRADIUS Zero-length Tunnel-Password Attributes
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.
network
low complexity
freeradius
5.0