Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Freeradius | Freeradius | 0.2 | 0.2 |
Freeradius | Freeradius | 0.3 | 0.3 |
Radius | Gnu | 0.92.1 | 0.92.1 |
Radius | Gnu | 0.93 | 0.93 |
Radius | Gnu | 0.94 | 0.94 |
Radius | Gnu | 0.95 | 0.95 |
Icradius | Icradius | 0.14 | 0.14 |
Icradius | Icradius | 0.15 | 0.15 |
Icradius | Icradius | 0.16 | 0.16 |
Icradius | Icradius | 0.17 | 0.17 |
Icradius | Icradius | 0.17b | 0.17b |
Icradius | Icradius | 0.18 | 0.18 |
Icradius | Icradius | 0.18.1 | 0.18.1 |
Radius | Livingston | 2.0 | 2.0 |
Radius | Livingston | 2.0.1 | 2.0.1 |
Radius | Livingston | 2.1 | 2.1 |
Radius | Lucent | 2.0 | 2.0 |
Radius | Lucent | 2.0.1 | 2.0.1 |
Radius | Lucent | 2.1 | 2.1 |
Radius | Miquel_van_smoorenburg_cistron | 1.6.1 | 1.6.1 |
Radius | Miquel_van_smoorenburg_cistron | 1.6.2 | 1.6.2 |
Radius | Miquel_van_smoorenburg_cistron | 1.6.3 | 1.6.3 |
Radius | Miquel_van_smoorenburg_cistron | 1.6.4 | 1.6.4 |
Radius | Miquel_van_smoorenburg_cistron | 1.6.5 | 1.6.5 |
Radius | Miquel_van_smoorenburg_cistron | 1.6_.0 | 1.6_.0 |
Openradius | Openradius | 0.8 | 0.8 |
Openradius | Openradius | 0.9 | 0.9 |
Openradius | Openradius | 0.9.1 | 0.9.1 |
Openradius | Openradius | 0.9.2 | 0.9.2 |
Openradius | Openradius | 0.9.3 | 0.9.3 |
Radiusclient | Radiusclient | 0.3.1 | 0.3.1 |
Xtradius | Xtradius | 1.1_pre1 | 1.1_pre1 |
Xtradius | Xtradius | 1.1_pre2 | 1.1_pre2 |
Yard_radius | Yard_radius | 1.0.17 | 1.0.17 |
Yard_radius | Yard_radius | 1.0.18 | 1.0.18 |
Yard_radius | Yard_radius | 1.0.19 | 1.0.19 |
Yard_radius | Yard_radius | 1.0_pre13 | 1.0_pre13 |
Yard_radius | Yard_radius | 1.0_pre14 | 1.0_pre14 |
Yard_radius | Yard_radius | 1.0_pre15 | 1.0_pre15 |
Yard_radius | Yard_radius_project | 1.0.16 | 1.0.16 |