freeradius: Crash on invalid abinary data

A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash...

SUSE CVE-2004-0365

The dissectattributevaluepairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service crash via a malformed RADIUS packet that triggers a null dereference...

SUSE CVE-2022-41860

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

OESA-2022-2165 freeradius security update

Remote Authentication Dial-In User Service RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting AAA or Triple A management for users who connect and use a network service. Security Fixes: When an EAP-SIM supplicant sends an unknown SIM option, th...

L2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump

Jonathan Heusser discovered vulnerabilities in tcpdump's L2TP, ISAKMP, and RADIUS protocol handlers. These vulnerabilities may be used by an attacker to crash a running tcpdump' process...