freeradius · threatengine.sh

CVE-2024-3596

< 3.0.27

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Acc

9.0CRITICAL

CVE-2022-41861

<= 3.0.25

A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause th

6.5MEDIUM

CVE-2022-41860

>= 0.9.3 and <= 3.0.25

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal

7.5HIGH

CVE-2022-41859

< 3.0.0

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to su

7.5HIGH

CVE-2019-17185

>= 3.0.0 and < 3.0.20

In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean mu

7.5HIGH

CVE-2015-9542

all versions

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable

7.5HIGH

CVE-2019-13456

>= 3.0.0 and <= 3.0.19

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found

6.5MEDIUM

CVE-2019-10143

<= 3.0.19

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker

7.0HIGH

CVE-2019-11235

< 3.0.19

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the receiv

9.8CRITICAL

CVE-2019-11234

< 3.0.19

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issu

9.8CRITICAL

CVE-2017-10987

all versions

An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of

7.5HIGH

CVE-2017-10986

all versions

An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.

7.5HIGH

CVE-2017-10985

all versions

An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a den

7.5HIGH

CVE-2017-10984

all versions

An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to ca

9.8CRITICAL

CVE-2017-10983

all versions

An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and

7.5HIGH

CVE-2017-10982

all versions

An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of se

7.5HIGH

CVE-2017-10981

all versions

An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.

7.5HIGH

CVE-2017-10980

all versions

An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service.

7.5HIGH

CVE-2017-10979

all versions

An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cau

9.8CRITICAL

CVE-2017-10978

>= 2.0 and < 2.2.10

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a den

7.5HIGH

CVE-2017-9148

all versions

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04

9.8CRITICAL

CVE-2015-4680

all versions

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

7.5HIGH

CVE-2015-8764

all versions

Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.

8.1HIGH

CVE-2015-8763

all versions

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or

8.1HIGH

CVE-2015-8762

all versions

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference

5.9MEDIUM

CVE-2014-2015

all versions

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly

CVE-2011-4966

all versions

modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check

CVE-2012-3547

all versions

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, al

CVE-2011-2701

all versions

The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP res

CVE-2010-3697

all versions

The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term

CVE-2010-3696

all versions

The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Re

CVE-2009-3111

<= 1.1.7

The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-l

CVE-2008-4474

all versions

freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files

CVE-2007-2028

<= 1.1.5

Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large

CVE-2007-0080

<= 1.1.3

Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code rela

CVE-2006-1354

all versions

Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of se

CVE-2005-4746

all versions

Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_

CVE-2005-4745

all versions

SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrar

CVE-2005-4744

all versions

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4,

CVE-2005-1455

all versions

Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to caus

CVE-2005-1454

all versions

SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authentic

CVE-2004-0961

all versions

Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Ac

CVE-2004-0960

all versions

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attribu

CVE-2004-0938

<= 1.0.1

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attri

CVE-2003-0967

<= 0.9.2

rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string

CVE-2002-0318

all versions

FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request pack

CVE-2001-1377

all versions

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote a

CVE-2001-1376

all versions

Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of ser