Vulnerabilities > Freeradius > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-17 CVE-2022-41861 Improper Input Validation vulnerability in Freeradius
A flaw was found in freeradius.
network
low complexity
freeradius CWE-20
6.5
2020-03-21 CVE-2019-17185 Improper Synchronization vulnerability in multiple products
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes.
network
low complexity
freeradius opensuse CWE-662
5.0
2020-02-24 CVE-2015-9542 Out-of-bounds Write vulnerability in multiple products
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy().
network
low complexity
freeradius debian canonical CWE-787
5.0
2017-07-17 CVE-2017-10987 Out-of-bounds Read vulnerability in Freeradius
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
network
low complexity
freeradius CWE-125
5.0
2017-07-17 CVE-2017-10986 Infinite Loop vulnerability in Freeradius
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
network
low complexity
freeradius CWE-835
5.0
2017-07-17 CVE-2017-10983 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freeradius
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
network
low complexity
freeradius CWE-119
5.0
2017-07-17 CVE-2017-10982 Out-of-bounds Read vulnerability in Freeradius
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.
network
low complexity
freeradius CWE-125
5.0
2017-07-17 CVE-2017-10981 Missing Release of Resource after Effective Lifetime vulnerability in Freeradius
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.
network
low complexity
freeradius CWE-772
5.0
2017-07-17 CVE-2017-10980 Missing Release of Resource after Effective Lifetime vulnerability in Freeradius
An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service.
network
low complexity
freeradius CWE-772
5.0
2017-07-17 CVE-2017-10978 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
network
low complexity
freeradius debian redhat CWE-119
5.0