Vulnerability Details CVE-2004-0849
Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html
- http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17391
- http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html
- http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17391
Products affected by CVE-2004-0849
-
cpe:2.3:a:gnu:radius:0.92.1
-
cpe:2.3:a:gnu:radius:0.93
-
cpe:2.3:a:gnu:radius:0.94
-
cpe:2.3:a:gnu:radius:0.95
-
cpe:2.3:a:gnu:radius:0.96
-
cpe:2.3:a:gnu:radius:1.1
-
cpe:2.3:a:gnu:radius:1.2