CVE-2004-0849

Description

Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.

Affected products

• gnu / radius0.92.1 – 0.92.1
• gnu / radius0.93 – 0.93
• gnu / radius0.94 – 0.94
• gnu / radius0.95 – 0.95
• gnu / radius0.96 – 0.96
• gnu / radius1.1 – 1.1
• gnu / radius1.2 – 1.2

References

• MAILING_LISThttp://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17391
• MISChttp://www.idefense.com/application/poi/display?id=141&type=vulnerabilities