Search CVE reports


Toggle filters

1 – 10 of 41 results


CVE-2024-3596

Medium priority

Some fixes available 3 of 20

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix...

3 affected packages

freeradius, krb5, libpam-radius-auth

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeradius Fixed Fixed Fixed Vulnerable Vulnerable
krb5 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libpam-radius-auth Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-41859

Medium priority
Ignored

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.

1 affected package

freeradius

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeradius Not affected Ignored Ignored Not affected
Show less packages

CVE-2022-41861

Medium priority
Fixed

A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.

1 affected package

freeradius

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeradius Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-41860

Medium priority
Fixed

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it...

1 affected package

freeradius

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeradius Not affected Fixed Fixed Fixed
Show less packages

CVE-2019-17185

Low priority

Some fixes available 1 of 2

In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when...

1 affected package

freeradius

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeradius Not affected Not affected Fixed Not affected
Show less packages

CVE-2019-13456

Medium priority
Not affected

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can...

1 affected package

freeradius

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeradius Not affected Not affected
Show less packages

CVE-2019-10143

Low priority
Needs evaluation

** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by...

1 affected package

freeradius

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeradius Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2019-11235

Medium priority
Fixed

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood"...

1 affected package

freeradius

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeradius Fixed Not affected
Show less packages

CVE-2019-11234

Medium priority
Fixed

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

1 affected package

freeradius

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeradius Fixed Not affected
Show less packages

CVE-2017-10987

Medium priority
Fixed

An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.

1 affected package

freeradius

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
freeradius Not affected
Show less packages