Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5785-1
HistoryJan 04, 2023 - 12:00 a.m.

FreeRADIUS vulnerabilities

2023-01-0400:00:00
ubuntu.com
48

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

68.0%

JSON

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • freeradius - high-performance and highly configurable RADIUS server

Details

It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd
handshakes. An attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17185)

Shane Guan discovered that FreeRADIUS incorrectly handled memory when
checking unknown SIM option sent by EAP-SIM supplicant. An attacker could
possibly use this issue to cause a denial of service on the server. This
issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04
LTS. (CVE-2022-41860)

It was discovered that FreeRADIUS incorrectly handled memory when
processing certain abinary attributes. An attacker could possibly use this
issue to cause a denial of service on the server. (CVE-2022-41861)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchfreeradius< 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1UNKNOWN
Ubuntu22.04noarchfreeradius-common< 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1UNKNOWN
Ubuntu22.04noarchfreeradius-config< 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1UNKNOWN
Ubuntu22.04noarchfreeradius-dbgsym< 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1UNKNOWN
Ubuntu22.04noarchfreeradius-dhcp< 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1UNKNOWN
Ubuntu22.04noarchfreeradius-dhcp-dbgsym< 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1UNKNOWN
Ubuntu22.04noarchfreeradius-iodbc< 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1UNKNOWN
Ubuntu22.04noarchfreeradius-iodbc-dbgsym< 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1UNKNOWN
Ubuntu22.04noarchfreeradius-krb5< 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1UNKNOWN
Ubuntu22.04noarchfreeradius-krb5-dbgsym< 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1UNKNOWN
Rows per page:
1-10 of 1121

Related

nessus 38
openvas 20
osv 8
debian 1
redhat 4
fedora 1
oraclelinux 4
almalinux 3
amazon 3
mageia 2
redhatcve 3
rocky 1
ubuntucve 3
debiancve 3
veracode 3
cve 3
prion 3
alpinelinux 2
cbl_mariner 2
suse 1
centos 1
ics 1
nessus
nessus
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : FreeRADIUS vulnerabilities (USN-5785-1)
2023-01-04 00:00:00
EulerOS 2.0 SP8 : freeradius (EulerOS-SA-2023-1312)
2023-02-08 00:00:00
RHEL 9 : freeradius (RHSA-2023:2166)
2023-05-12 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5785-1)
2023-01-05 00:00:00
Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2023-1312)
2023-02-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4621-1)
2022-12-28 00:00:00
osv
osv
freeradius vulnerabilities
2023-01-04 10:53:54
Moderate: freeradius security and bug fix update
2023-05-09 00:00:00
Moderate: freeradius:3.0 security update
2023-05-16 00:00:00
debian
debian
[SECURITY] [DLA 3342-1] freeradius security update
2023-02-24 16:29:58
redhat
redhat
(RHSA-2023:2166) Moderate: freeradius security and bug fix update
2023-05-09 05:02:09
(RHSA-2023:2870) Moderate: freeradius:3.0 security update
2023-05-16 05:57:04
(RHSA-2020:4799) Moderate: freeradius:3.0 security and bug fix update
2020-11-03 12:37:04
fedora
fedora
[SECURITY] Fedora 36 Update: freeradius-3.0.26-1.fc36
2022-12-16 01:43:43
oraclelinux
oraclelinux
freeradius:3.0 security update
2023-05-24 00:00:00
freeradius security and bug fix update
2023-05-15 00:00:00
freeradius:3.0 security and bug fix update
2020-11-10 00:00:00
almalinux
almalinux
Moderate: freeradius security and bug fix update
2023-05-09 00:00:00
Moderate: freeradius:3.0 security update
2023-05-16 00:00:00
Moderate: freeradius:3.0 security and bug fix update
2020-11-03 12:37:04
amazon
amazon
Medium: freeradius
2023-03-02 21:50:00
Medium: freeradius
2023-03-02 20:22:00
Medium: freeradius
2020-10-22 17:34:00
mageia
mageia
Updated freeradius packages fix security vulnerability
2022-12-31 01:39:00
Updated freeradius packages fix security vulnerabilities
2020-01-05 18:37:51
redhatcve
redhatcve
CVE-2022-41860
2022-12-07 17:01:21
CVE-2022-41861
2022-12-07 17:31:23
CVE-2019-17185
2020-03-24 14:21:41
rocky
rocky
freeradius:3.0 security and bug fix update
2020-11-03 12:37:04
ubuntucve
ubuntucve
CVE-2019-17185
2020-03-21 00:00:00
CVE-2022-41861
2022-12-14 00:00:00
CVE-2022-41860
2022-12-14 00:00:00
debiancve
debiancve
CVE-2019-17185
2020-03-21 01:15:00
CVE-2022-41860
2023-01-17 18:15:11
CVE-2022-41861
2023-01-17 18:15:11
veracode
veracode
Denial Of Service (DoS)
2023-03-12 08:48:38
Buffer Over-read
2020-10-01 03:53:18
Denial Of Service (DoS)
2023-03-12 08:48:40
cve
cve
CVE-2022-41861
2023-01-17 18:15:11
CVE-2019-17185
2020-03-21 01:15:00
CVE-2022-41860
2023-01-17 18:15:11
prion
prion
Design/Logic Flaw
2020-03-21 01:15:00
Design/Logic Flaw
2023-01-17 18:15:00
Null pointer dereference
2023-01-17 18:15:00
alpinelinux
alpinelinux
CVE-2022-41861
2023-01-17 18:15:11
CVE-2022-41860
2023-01-17 18:15:11
cbl_mariner
cbl_mariner
CVE-2022-41860 affecting package freeradius 3.0.21-9
2023-10-11 03:02:00
CVE-2022-41861 affecting package freeradius 3.0.21-9
2023-10-11 03:02:00
suse
suse
Security update for freeradius-server (moderate)
2020-04-26 00:00:00
centos
centos
freeradius security update
2020-10-20 18:02:54
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

68.0%

JSON
Related for USN-5785-1
nessus38openvas20osv8debian1redhat4fedora1oraclelinux4almalinux3amazon3mageia2redhatcve3rocky1ubuntucve3debiancve3veracode3cve3prion3alpinelinux2cbl_mariner2suse1centos1ics1