27 matches found
MiracleLinux 9 : freeradius-3.0.21-37.el9 (AXSA:2023-5499:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5499:02 advisory. freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on unknown option in EAP-SIM CVE-2022-41860 freeradius: Crash on invalid...
Debian: Security Advisory (DLA-4232-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 4232-1] freeradius security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4232-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA June 26, 2025 https://wiki.debian.org/LTS -...
Linux Distros Unpatched Vulnerability : CVE-2022-41860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will...
CVE-2022-41860 affecting package freeradius for versions less than 3.2.3-1
CVE-2022-41860 affecting package freeradius for versions less than 3.2.3-1. An upgraded version of the package is available that resolves this issue...
AlmaLinux 8 : freeradius:3.0 (ALSA-2023:2870)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2870 advisory. freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on unknown option in EAP-SIM CVE-2022-41860 freeradius: Crash on invalid abina...
Moderate: Red Hat Security Advisory: freeradius:3.0 security update
An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: freeradius:3.0 security update
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on...
Moderate: Red Hat Security Advisory: freeradius security and bug fix update
An update for freeradius is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Moderate: freeradius security and bug fix update
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on...
Amazon Linux AMI : freeradius (ALAS-2023-1699)
The version of freeradius installed on the remote host is prior to 2.2.6-7.17. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1699 advisory. When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionarie...
Medium: freeradius
Issue Overview: When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
Medium: freeradius
Issue Overview: The EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. CVE-2022-41859 When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that optio...
Debian: Security Advisory (DLA-3342-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3342-1] freeradius security update
Debian LTS Advisory DLA-3342-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany February 24, 2023 https://wiki.debian.org/LTS Package : freeradius Version : 3.0.17+dfsg-1.1+deb10u2 CVE ID : CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 Several flaws were found in...
EulerOS 2.0 SP8 : freeradius (EulerOS-SA-2023-1312)
According to the versions of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionarie...
SUSE: Security Advisory (SUSE-SU-2023:0135-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:0135-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixed an issue in EAP-PWD that could leak information about the password, which could facilitate dictionary attacks bsc1206204. - CVE-2022-41860: Fixed a crash in servers with EAPSIM manually configured, which could b...
CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
CVE-2022-41860
CVE-2022-41860 affects FreeRADIUS: when an EAP-SIM supplicant sends an unknown SIM option, the server looks it up in internal dictionaries, fails, but the SIM code dereferences a NULL pointer, crashing the server. Connected advisories confirm fixes in multiple distributions; Debian LTS/DLA adviso...