CVE-2019-17185

Published: 21/03/2020 Updated: 22/04/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In FreeRADIUS 3.0.x prior to 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. An adversary can abuse this to mount a Denial-of-Service (DoS) attack.

Vulnerable Product

freeradius freeradius

opensuse leap 15.1

Vendor Advisories

Several security issues were fixed in FreeRADIUS ...
Synopsis: Moderate: freeradius security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CV ...
Synopsis: Moderate: freeradius:30 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for the freeradius:30 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability ...
It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user (CVE-2019-10143). An information leak was discovered in the ...