History: Jan 17, 2023 - 12:00 a.m.

CVE-2022-41860

2023-01-17 00:00:00
CWE-476
redhat
www.cve.org

AI Score: 7.6 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 35.1%)

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "freeradius",
    "versions": [
      {
        "version": "All versions from 0.9.3 to 3.0.25",
        "status": "affected"
      }
    ]
  }
]