Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
freeradius vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-3547
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 up to and including 2.1.12, when using TLS-based EAP methods, allows remote malicious users to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after&quo...
Freeradius Freeradius 2.1.10
Freeradius Freeradius 2.1.12
Freeradius Freeradius 2.1.11
NA
CVE-2005-4744
Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to...
Freeradius Freeradius 1.0.4
Freeradius Freeradius 1.0.3
NA
CVE-2005-4745
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote malicious users to execute arbitrary SQL commands via unknown attack vectors.
Freeradius Freeradius 1.0.3
Freeradius Freeradius 1.0.4
NA
CVE-2005-4746
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote malicious users to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
Freeradius Freeradius 1.0.3
Freeradius Freeradius 1.0.4
NA
CVE-2003-0967
rad_decode in FreeRADIUS 0.9.2 and previous versions allows remote malicious users to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.
Freeradius Freeradius
1 EDB exploit
7.5
CVSSv3
CVE-2022-41859
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an malicious user to substantially reduce the size of an offline dictionary attack.
Freeradius Freeradius
NA
CVE-2007-2028
Memory leak in freeRADIUS 1.1.5 and previous versions allows remote malicious users to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be reject...
Freeradius Freeradius
NA
CVE-2007-0080
Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and previous versions allows malicious users to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third ...
Freeradius Freeradius
NA
CVE-2002-0318
FreeRADIUS RADIUS server allows remote malicious users to cause a denial of service (CPU consumption) via a flood of Access-Request packets.
Freeradius Freeradius
7.5
CVSSv3
CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the serv...
Freeradius Freeradius
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »