freeradius is vulnerable to a heap-based buffer over-read. It is possible due to a flaw in multithreaded BN_CTX access.

CPE

Name | Operator | Version |
---|---|---|
freeradius | eq | 3.0.13__9.el7_5 |
freeradius | eq | 3.0.13__10.el7_6 |
freeradius | eq | 3.0.13__8.el7_4 |
freeradius | eq | 3.0.13__9.el7_4 |

lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
access.redhat.com/errata/RHSA-2020:3984
access.redhat.com/security/updates/classification/#moderate
freeradius.org/security/
github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20