6 matches found
CVE-2004-0849
The CVE-2004-0849 issue affects GNU Radius radiusd (versions 1.1 and 1.2 prior to 1.2.94) where an integer overflow in asn_decode_string() (snmplib/asn1.c) can crash the daemon via crafted SNMP requests when built with --enable-snmp. The vulnerability is triggered by very large unsigned values in...
CVE-2001-1376
CVE-2001-1376 describes a buffer overflow in the RADIUS digest calculation function across multiple implementations. The overflow occurs while concatenating the shared secret with the received packet during digest computation, enabling remote denial of service and, in some cases, arbitrary code e...
CVE-2001-1377
CVE-2001-1377 affects multiple RADIUS implementations that fail to validate the Vendor-Length of Vendor-Specific attributes, enabling a remote attacker to crash the server when Vendor-Length
CVE-2004-0131
The CVE refers to GNU Radius radiusd (daemon) prior to 1.2. The vulnerability is triggered by a UDP packet containing an Acct-Status-Type attribute without a value and without an Acct-Session-Id attribute, causing a null dereference and a denial of service. Affected component: logger.c in rad_pri...
CVE-2004-0576
The CVE-2004-0576 issue affects GNU Radius 1.1 when built with the --enable-snmp option. The underlying vulnerability is in the SNMP message handling code, where a malformed SNMP packet containing an invalid OID can cause the radiusd service to crash, enabling remote denial-of-service exploitation...
CVE-2006-4181
CVE-2006-4181 refers to a format-string vulnerability in GNU Radius’ SQL accounting code (sqllog) used by radiusd when SQL back-ends (postgresql/mysql/odbc) are enabled. The issue exists in Radius 1.2 and 1.3 and can allow an unauthenticated remote attacker to execute arbitrary code with the radi...