PRIOn knowledge base: PRION:CVE-2022-41860
History: Jan 17, 2023 - 6:15 p.m.

Null pointer dereference

www.prio-n.com
freeradius
eap-sim
supplicant
unknown sim option
internal dictionaries
null pointer
dereference
server crash

AI Score: 7.3 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 39.0%)

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
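The failure mode described above, shown with the lookup result checked before use. This is an added example, not FreeRADIUS code: the dictionary, function names and return codes are hypothetical, and skipping unknown types 128-255 while rejecting 0-127 follows RFC 4186 rather than anything stated on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy dictionary standing in for the server's internal one (hypothetical names). */
typedef struct { uint8_t type; const char *name; } dict_attr_t;
static const dict_attr_t sim_dict[] = {        /* type numbers from RFC 4186 */
    { 1, "AT_RAND" }, { 7, "AT_NONCE_MT" }, { 11, "AT_MAC" },
    { 15, "AT_VERSION_LIST" }, { 16, "AT_SELECTED_VERSION" },
};

/* Returns NULL when the option type is not in the dictionary. */
static const dict_attr_t *dict_lookup(uint8_t type) {
    for (size_t i = 0; i < sizeof(sim_dict) / sizeof(sim_dict[0]); i++)
        if (sim_dict[i].type == type) return &sim_dict[i];
    return NULL;
}

enum { SIM_OK = 0, SIM_MALFORMED = -1, SIM_UNKNOWN_ATTR = -2, SIM_TOO_MANY = -3 };

/* Walks an attribute list: 1-byte type, 1-byte length counted in 4-byte words
 * (header included), then the value. Fills names[] and *count. */
int sim_decode(const uint8_t *buf, size_t len,
               const char **names, size_t max, size_t *count) {
    size_t off = 0;
    *count = 0;
    while (off < len) {
        if (len - off < 2) return SIM_MALFORMED;
        size_t alen = (size_t)buf[off + 1] * 4;
        if (alen == 0 || alen > len - off) return SIM_MALFORMED;
        const dict_attr_t *da = dict_lookup(buf[off]);
        if (da == NULL) {
            /* The failure check the description says was missing. RFC 4186:
             * types 128-255 are skippable, 0-127 must be rejected if unknown. */
            if (buf[off] < 128) return SIM_UNKNOWN_ATTR;
        } else {
            if (*count == max) return SIM_TOO_MANY;
            names[(*count)++] = da->name;  /* da is dereferenced only when non-NULL */
        }
        off += alen;
    }
    return SIM_OK;
}

int main(void) {
    const uint8_t pkt[] = { 16, 1, 0, 1,  99, 1, 0, 0 };  /* constructed sample */
    const char *names[8]; size_t n;
    int rc = sim_decode(pkt, sizeof pkt, names, 8, &n);
    printf("rc=%d decoded=%zu\n", rc, n);
}
```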

CPE Name      Operator   Version
freeradius    ge         0.9.3
freeradius    le         3.0.25