CVE-2022-41860

2023-01-17 00:00:00
Tags: CWE-476 (NULL Pointer Dereference), redhat, www.cve.org, freeradius, eap-sim, option lookup, vulnerability, server crash

AI Score: 7.6 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 35.2%)

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
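The failure described above is a plain CWE-476 pattern: a dictionary lookup that can legitimately return NULL, followed by a dereference that assumes it did not. The following C program is an added illustration written for this page, not FreeRADIUS code; the dictionary, the TLV packets, and every function name in it are constructed here. It decodes a buffer of EAP-SIM style attributes twice, once with the unchecked lookup that crashes on an unknown attribute type and once with the check added. The hardened decoder also applies the RFC 4186 rule that attribute types 0-127 are non-skippable (unknown ones reject the packet) while 128-255 are skippable (unknown ones are ignored), which is a stricter behaviour than the page itself describes.

```c
/* Added example (not FreeRADIUS code): a toy EAP-SIM attribute decoder that
 * reproduces the CWE-476 pattern behind CVE-2022-41860 and shows the fix.
 * The dictionary, packets and function names are all constructed here. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint8_t     type;
    const char *name;
} sim_attr_def_t;

/* Constructed dictionary: a handful of EAP-SIM attribute type codes taken
 * from RFC 4186 section 10. Anything not listed is an "unknown SIM option". */
static const sim_attr_def_t sim_dict[] = {
    {  1, "AT_RAND"         },
    {  7, "AT_NONCE_MT"     },
    { 11, "AT_MAC"          },
    { 14, "AT_IDENTITY"     },
    { 15, "AT_VERSION_LIST" },
};
#define SIM_DICT_LEN (sizeof(sim_dict) / sizeof(sim_dict[0]))

/* Dictionary lookup. Returns NULL when the type is unknown: the failure
 * that the vulnerable decoder below never checks for. */
static const sim_attr_def_t *sim_dict_lookup(uint8_t type)
{
    for (size_t i = 0; i < SIM_DICT_LEN; i++) {
        if (sim_dict[i].type == type) return &sim_dict[i];
    }
    return NULL;
}

/* EAP-SIM attributes are TLVs: type (1 byte), length in 4-byte units (1 byte,
 * covering the header too), then value. Both decoders return the number of
 * attributes decoded, or -1 on a malformed or rejected packet. */

/* Vulnerable pattern: the lookup result is dereferenced unconditionally, so
 * an unknown type leaves def NULL and def->name segfaults the process. */
static int sim_decode_vulnerable(const uint8_t *buf, size_t len)
{
    int count = 0;
    for (size_t off = 0; off + 2 <= len; ) {
        uint8_t type = buf[off];
        size_t  alen = (size_t)buf[off + 1] * 4;
        if (alen == 0 || off + alen > len) return -1;

        const sim_attr_def_t *def = sim_dict_lookup(type);
        printf("decoded %s (type %u)\n", def->name, (unsigned)type); /* NULL deref */
        count++;
        off += alen;
    }
    return count;
}

/* Hardened pattern: check the lookup result before using it. RFC 4186
 * section 8.1 makes types 0-127 non-skippable (reject the packet) and
 * 128-255 skippable (ignore the attribute and continue). */
static int sim_decode_hardened(const uint8_t *buf, size_t len)
{
    int count = 0;
    for (size_t off = 0; off + 2 <= len; ) {
        uint8_t type = buf[off];
        size_t  alen = (size_t)buf[off + 1] * 4;
        if (alen == 0 || off + alen > len) return -1;

        const sim_attr_def_t *def = sim_dict_lookup(type);
        if (def == NULL) {
            if (type < 128) {
                fprintf(stderr, "unknown non-skippable attribute %u, rejecting\n", (unsigned)type);
                return -1;
            }
            fprintf(stderr, "skipping unknown attribute %u\n", (unsigned)type);
            off += alen;
            continue;
        }
        printf("decoded %s (type %u)\n", def->name, (unsigned)type);
        count++;
        off += alen;
    }
    return count;
}

/* Constructed packets: each attribute here is 4 bytes (length field = 1). */
static const uint8_t pkt_known[]   = { 1, 1, 0, 0, 11, 1, 0, 0 };   /* AT_RAND, AT_MAC      */
static const uint8_t pkt_unknown[] = { 1, 1, 0, 0, 99, 1, 0, 0 };   /* AT_RAND, type 99     */
static const uint8_t pkt_skip[]    = { 1, 1, 0, 0, 200, 1, 0, 0 };  /* AT_RAND, type 200    */
static const uint8_t pkt_badlen[]  = { 1, 1, 0, 0, 11, 9, 0, 0 };   /* length past buffer   */

int main(void)
{
    printf("vulnerable, known types: %d\n", sim_decode_vulnerable(pkt_known, sizeof pkt_known));
    printf("hardened, known types:   %d\n", sim_decode_hardened(pkt_known, sizeof pkt_known));
    printf("hardened, unknown 99:    %d\n", sim_decode_hardened(pkt_unknown, sizeof pkt_unknown));
    printf("hardened, unknown 200:   %d\n", sim_decode_hardened(pkt_skip, sizeof pkt_skip));
    printf("hardened, bad length:    %d\n", sim_decode_hardened(pkt_badlen, sizeof pkt_badlen));
#ifdef DEMO_CRASH
    /* Build with -DDEMO_CRASH to watch the unchecked lookup take the process down. */
    sim_decode_vulnerable(pkt_unknown, sizeof pkt_unknown);
#endif
    return 0;
}
```

Build with `cc -Wall -o simdemo simdemo.c` and run it; add `-DDEMO_CRASH` to feed the unknown-type packet to the unchecked decoder and observe the segmentation fault. The length guard is kept identical in both decoders so that the only difference between them is the NULL check, which is exactly the missing check the advisory describes.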

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "freeradius",
    "versions": [
      {
        "version": "All versions from 0.9.3 to 3.0.25",
        "status": "affected"
      }
    ]
  }
]