Description
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.
Affected products
- freeradius / freeradius0.2 – 0.2
- freeradius / freeradius0.3 – 0.3
- freeradius / freeradius0.4 – 0.4
- freeradius / freeradius0.5 – 0.5
- freeradius / freeradius0.8 – 0.8
- freeradius / freeradius0.8.1 – 0.8.1
- freeradius / freeradius0.9 – 0.9
- freeradius / freeradius0.9.1 – 0.9.1
- freeradius / freeradius0.9.2 – 0.9.2
- freeradius / freeradius0.9.3 – 0.9.3
- freeradius / freeradius1.0.0 – 1.0.0
- RedHat / enterprise_linux3.0 – 3.0
- RedHat / enterprise_linux3.0 – 3.0
- RedHat / fedora_corecore_2.0 – core_2.0