Shodan
Vulnerabilities
Vulnerable Software
Freeradius:  >> Freeradius  >> 2.1.9  Security Vulnerabilities
CVE-2017-10981
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.
CVSS Score
7.5
EPSS Score
0.011
Published
2017-07-17
CVE-2017-10982
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.
CVSS Score
7.5
EPSS Score
0.013
Published
2017-07-17
CVE-2017-10983
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
CVSS Score
7.5
EPSS Score
0.019
Published
2017-07-17
CVE-2014-2015
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
CVSS Score
7.5
EPSS Score
0.009
Published
2014-11-02
CVE-2011-4966
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
CVSS Score
6.0
EPSS Score
0.004
Published
2013-03-12
CVE-2010-3696
The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.
CVSS Score
4.3
EPSS Score
0.008
Published
2010-10-07
CVE-2010-3697
The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.
CVSS Score
4.3
EPSS Score
0.009
Published
2010-10-07
CVE-2002-0318
FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.
CVSS Score
5.0
EPSS Score
0.01
Published
2002-06-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved