Skip to main content

Freeradius

22 CVEs product

Monthly

CVE-2024-3596 CRITICAL CISA Emergency

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 19.0% and no vendor patch available.

Information Disclosure Freeradius Brocade Sannav Fabric Operating System Sonicos
NVD
CVSS 3.1
9.0
EPSS
19.0%
Threat
4.4
CVE-2019-13456 MEDIUM POC PATCH This Month

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Freeradius Enterprise Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-10143 HIGH POC This Week

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Freeradius Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2019-11235 CRITICAL PATCH Act Now

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freeradius Fedora Enterprise Linux Enterprise Linux Eus +6
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-11234 CRITICAL Act Now

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Freeradius Fedora Enterprise Linux Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
7.6%
CVE-2017-10987 HIGH This Week

An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Freeradius
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-10986 HIGH PATCH This Week

An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freeradius
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-10985 HIGH PATCH This Week

An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freeradius
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-10984 CRITICAL PATCH Act Now

An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.5%.

Buffer Overflow Memory Corruption Denial Of Service RCE Freeradius
NVD
CVSS 3.0
9.8
EPSS
21.5%
CVE-2017-10983 HIGH PATCH This Week

An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Freeradius
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2017-10982 HIGH PATCH This Week

An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Freeradius
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-10981 HIGH PATCH This Week

An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freeradius
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2017-10980 HIGH PATCH This Week

An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freeradius
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2017-10979 CRITICAL PATCH Act Now

An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.2%.

Buffer Overflow Memory Corruption Denial Of Service RCE Freeradius
NVD
CVSS 3.0
9.8
EPSS
30.2%
CVE-2017-10978 HIGH PATCH This Week

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Freeradius Debian Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2017-9148 CRITICAL Act Now

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Freeradius
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2015-4680 HIGH PATCH This Week

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freeradius Linux Enterprise Server Linux Enterprise Software Development Kit
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-8764 HIGH PATCH This Week

Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Freeradius
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2015-8763 HIGH PATCH This Week

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Information Disclosure Freeradius
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2015-8762 MEDIUM PATCH This Month

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Null Pointer Dereference Denial Of Service Freeradius
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2014-2015 HIGH POC PATCH This Week

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow Freeradius
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2012-3547 MEDIUM This Month

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 13.3% and no vendor patch available.

Buffer Overflow Denial Of Service RCE Freeradius
NVD
CVSS 2.0
6.8
EPSS
13.3%
EPSS 19% 4.4 CVSS 9.0
CRITICAL Emergency

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 19.0% and no vendor patch available.

Information Disclosure Freeradius Brocade Sannav +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Freeradius Enterprise Linux +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH POC This Week

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Freeradius Fedora +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freeradius Fedora +8
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Freeradius Fedora +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freeradius
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freeradius
NVD
EPSS 21% CVSS 9.8
CRITICAL PATCH Act Now

An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.5%.

Buffer Overflow Memory Corruption Denial Of Service +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Freeradius
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freeradius
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freeradius
NVD
EPSS 30% CVSS 9.8
CRITICAL PATCH Act Now

An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.2%.

Buffer Overflow Memory Corruption Denial Of Service +2
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Freeradius +7
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Freeradius
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freeradius Linux Enterprise Server +1
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Freeradius
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Information Disclosure Freeradius
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Null Pointer Dereference Denial Of Service Freeradius
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow +1
NVD
EPSS 13% CVSS 6.8
MEDIUM This Month

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 13.3% and no vendor patch available.

Buffer Overflow Denial Of Service RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy