CVE-2019-11234

Published: 22/04/2019 Updated: 13/05/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

FreeRADIUS prior to 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

Vulnerable Product

freeradius freeradius

fedoraproject fedora

redhat enterprise linux 7.0

canonical ubuntu linux 19.04

canonical ubuntu linux 18.10

canonical ubuntu linux 18.04

Vendor Advisories

Debian Bug report logs - #926958 freeradius: VU#871675: Authentication bypass in EAP-PWD (CVE-2019-11234 CVE-2019-11235) Package: src:freeradius; Maintainer for src:freeradius is Debian FreeRADIUS Packaging Team <pkg-freeradius-maintainers@lists.alioth.debian.org>; Reported by: Bernhard Schmidt <berni@debian.org> Date ...
FreeRADIUS could be made to bypass authentication if it received a specially crafted input ...
Synopsis: Important: freeradius:3.0 security update. Type/Severity: Security Advisory: Important. Topic: An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: freeradius security update. Type/Severity: Security Advisory: Important. Topic: An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base ...
FreeRADIUS mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. (CVE-2019-11235) FreeRADIUS before 3.0.19 does not prevent use of reflectio ...