CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
87.5%
The freeradius development team reports:
A malicious 802.1x supplicant could send malformed Diameter format
attributes inside of an EAP-TTLS tunnel. The server would reject
the authentication request, but would leak one VALUE_PAIR data
structure, of approximately 300 bytes. If an attacker performed
the attack many times (e.g. thousands or more over a period of
minutes to hours), the server could leak megabytes of memory,
potentially leading to an “out of memory” condition, and early
process exit.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | freeradius | <= 1.1.5 | UNKNOWN |
FreeBSD | any | noarch | freeradius-mysql | <= 1.1.5 | UNKNOWN |