Metric | Value |
---|---|
CVSS2 | 5 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
EPSS | 0.007 Low |
EPSS Percentile | 81.0% |

An iDEFENSE security advisory reports:
Remote exploitation of an input validation error in
version 1.2 of GNU radiusd could allow a denial of
service.
The vulnerability specifically exists within
the asn_decode_string() function defined in
snmplib/asn1.c. When a very large unsigned number is
supplied, it is possible that an integer overflow will
occur in the bounds-checking code. The daemon will then
attempt to reference unallocated memory, resulting in an
access violation that causes the process to terminate.
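
The failure mode the advisory describes, a bounds check whose arithmetic wraps when the encoded length is very large, is shown below as an added example in C. It is an illustrative model, not the GNU Radius source or code from the advisory; the function names, the 32-bit types and the sample bytes are assumptions constructed here.

```c
#include <stddef.h>
#include <stdint.h>

/* Parse the tag and BER length of an OCTET STRING (tag 0x04).
 * Returns the header size in bytes, or 0 on malformed input. */
static size_t parse_header(const uint8_t *p, size_t avail, uint32_t *len)
{
    if (avail < 2 || p[0] != 0x04)
        return 0;
    if (!(p[1] & 0x80)) {               /* short form: length in one byte */
        *len = p[1];
        return 2;
    }
    size_t n = p[1] & 0x7f;             /* long form: n length bytes follow */
    if (n == 0 || n > 4 || avail < 2 + n)
        return 0;
    *len = 0;
    for (size_t i = 0; i < n; i++)
        *len = (*len << 8) | p[2 + i];
    return 2 + n;
}

/* Weak check (assumed form): the 32-bit sum wraps for a huge length,
 * so "header + length > available" is false and the input is accepted. */
int accepts_wrapping(const uint8_t *p, uint32_t avail)
{
    uint32_t len;
    uint32_t hdr = (uint32_t)parse_header(p, avail, &len);
    return hdr != 0 && !(hdr + len > avail);   /* 6 + 0xFFFFFFFF wraps to 5 */
}

/* Hardened check: compare the length with the bytes that remain, no addition.
 * parse_header guarantees hdr <= avail, so the subtraction cannot wrap. */
int accepts_safe(const uint8_t *p, uint32_t avail)
{
    uint32_t len;
    uint32_t hdr = (uint32_t)parse_header(p, avail, &len);
    return hdr != 0 && len <= avail - hdr;
}

/* Constructed samples: a valid 3-byte string and an oversized length field. */
static const uint8_t ok_msg[]  = { 0x04, 0x03, 'a', 'b', 'c' };
static const uint8_t bad_msg[] = { 0x04, 0x84, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 };

int main(void)
{   /* exit status 0 when the hardened check behaves as intended */
    return !(accepts_safe(ok_msg, sizeof ok_msg) && !accepts_safe(bad_msg, sizeof bad_msg));
}
```

A decoder that trusts the weak check would go on to read `len` bytes past the end of the packet, which matches the access violation and process termination the advisory reports.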

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | gnu-radius | < 1.2.94 | UNKNOWN |