← Back

Pam Radius

pam_radius

Vendor: Freeradius • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-9542
3Canonical
DebianFreeradius
3Debian Linux
Pam RadiusUbuntu Linux
Nov 21, 2024
Feb 24, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted passwo...Show more
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.Show less