Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 up to and including 2.1.12, when using TLS-based EAP methods, allows remote malicious users to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Vulnerable Product |
---|
freeradius freeradius 2.1.10 |
freeradius freeradius 2.1.12 |
freeradius freeradius 2.1.11 |
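
The check this class of bug calls for, as an added example that is not taken from FreeRADIUS or its fix: a certificate "not after" value is validated and bounded by the destination size before it is copied into a fixed stack buffer. The `asn1_time_view` struct, the function names and the 64-byte buffer size are assumptions for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for an ASN.1 time value as a TLS library hands it
 * to a verify callback: raw bytes plus a length, not NUL-terminated.
 * The struct and its field names are assumptions for this example. */
struct asn1_time_view {
    const unsigned char *data;
    size_t length;
};

#define EXPIRY_BUF_LEN 64 /* assumed size of the callback's stack buffer */

/* Certificate validity times are fixed-width: UTCTime "YYMMDDHHMMSSZ"
 * (13 bytes) or GeneralizedTime "YYYYMMDDHHMMSSZ" (15 bytes).
 * Anything else is rejected before any copy takes place. */
static int time_shape_ok(const struct asn1_time_view *t)
{
    size_t i;

    if (t == NULL || t->data == NULL)
        return 0;
    if (t->length != 13 && t->length != 15)
        return 0;
    for (i = 0; i + 1 < t->length; i++) {
        if (!isdigit(t->data[i]))
            return 0;
    }
    return t->data[t->length - 1] == 'Z';
}

/* Copy the "not after" value into out as a C string.
 * Returns 0 on success, -1 if the value is malformed or does not fit.
 * The bound is the destination's own size, never an unrelated constant. */
int copy_not_after(const struct asn1_time_view *t, char *out, size_t out_len)
{
    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0'; /* leave a defined, empty string on every failure path */
    if (!time_shape_ok(t))
        return -1;
    if (t->length >= out_len) /* keep one byte for the terminator */
        return -1;
    memcpy(out, t->data, t->length);
    out[t->length] = '\0';
    return 0;
}
```

A caller that gets -1 should fail the certificate verification rather than continue with an empty expiry string.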