Description
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.
Affected products
- freeradius / freeradius0.2 – 0.2
- freeradius / freeradius0.3 – 0.3
- freeradius / freeradius0.4 – 0.4
- freeradius / freeradius0.5 – 0.5
- freeradius / freeradius0.8 – 0.8
- freeradius / freeradius0.8.1 – 0.8.1
- freeradius / freeradius0.9 – 0.9
- freeradius / freeradius0.9.1 – 0.9.1
- freeradius / freeradius0.9.2 – 0.9.2
- freeradius / freeradius0.9.3 – 0.9.3
- freeradius / freeradius1.0.0 – 1.0.0
- RedHat / enterprise_linux3.0 – 3.0
- RedHat / enterprise_linux3.0 – 3.0
- RedHat / fedora_corecore_2.0 – core_2.0