Freeradius

freeradius

Vendor: Freeradius • 47 CVEs

CVEs (47)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-4680 2Freeradius Suse 3Freeradius Linux Enterprise ServerLinux Enterprise Software Development Kit May 13, 2026 Apr 5, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
CVE-2015-8764 1Freeradius 1Freeradius May 13, 2026 Mar 27, 2017 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
CVE-2015-8763 1Freeradius 1Freeradius May 13, 2026 Mar 27, 2017 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
CVE-2015-8762 1Freeradius 1Freeradius May 13, 2026 Mar 27, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
CVE-2014-2015 1Freeradius 1Freeradius May 6, 2026 Nov 2, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a d...Show more Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.Show less
CVE-2011-4966 1Freeradius 1Freeradius Apr 29, 2026 Mar 12, 2013 N/A· v4 N/A· v3 6.0 MEDIUM· v2 modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authen...Show more modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.Show less
CVE-2012-3547 1Freeradius 1Freeradius Apr 29, 2026 Sep 18, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arb...Show more Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.Show less
CVE-2011-2701 1Freeradius 1Freeradius Apr 29, 2026 Aug 4, 2011 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS proto...Show more The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.Show less
CVE-2010-3697 1Freeradius 1Freeradius Apr 29, 2026 Oct 7, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows re...Show more The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.Show less
CVE-2010-3696 1Freeradius 1Freeradius Apr 29, 2026 Oct 7, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (...Show more The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.Show less
CVE-2009-3111 1Freeradius 1Freeradius Apr 23, 2026 Sep 9, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Pr...Show more The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.Show less
CVE-2008-4474 1Freeradius 1Freeradius Apr 23, 2026 Oct 7, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) t...Show more freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.Show less
CVE-2007-2028 1Freeradius 1Freeradius Apr 23, 2026 Apr 13, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which ca...Show more Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.Show less
CVE-2007-0080 1Freeradius 1Freeradius Apr 23, 2026 Jan 5, 2007 N/A· v4 N/A· v3 6.6 MEDIUM· v2 Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this...Show more Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the disputeShow less
CVE-2006-1354 1Freeradius 1Freeradius Apr 16, 2026 Mar 22, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine...Show more Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.Show less
CVE-2005-4746 1Freeradius 1Freeradius Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 7.8 HIGH· v2 Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
CVE-2005-4745 1Freeradius 1Freeradius Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2005-4744 1Freeradius 1Freeradius Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute ar...Show more Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.Show less
CVE-2005-1455 1Freeradius 1Freeradius Apr 16, 2026 May 19, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).
CVE-2005-1454 1Freeradius 1Freeradius Apr 16, 2026 May 19, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_cou...Show more SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.Show less

Previous 123 Next