Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freeradius | Freeradius | 0.2 (including) | 0.2 (including) |
| Freeradius | Freeradius | 0.3 (including) | 0.3 (including) |
| Radius | Gnu | 0.92.1 (including) | 0.92.1 (including) |
| Radius | Gnu | 0.93 (including) | 0.93 (including) |
| Radius | Gnu | 0.94 (including) | 0.94 (including) |
| Radius | Gnu | 0.95 (including) | 0.95 (including) |
| Icradius | Icradius | 0.14 (including) | 0.14 (including) |
| Icradius | Icradius | 0.15 (including) | 0.15 (including) |
| Icradius | Icradius | 0.16 (including) | 0.16 (including) |
| Icradius | Icradius | 0.17 (including) | 0.17 (including) |
| Icradius | Icradius | 0.17b (including) | 0.17b (including) |
| Icradius | Icradius | 0.18 (including) | 0.18 (including) |
| Icradius | Icradius | 0.18.1 (including) | 0.18.1 (including) |
| Radius | Livingston | 2.0 (including) | 2.0 (including) |
| Radius | Livingston | 2.0.1 (including) | 2.0.1 (including) |
| Radius | Livingston | 2.1 (including) | 2.1 (including) |
| Radius | Lucent | 2.0 (including) | 2.0 (including) |
| Radius | Lucent | 2.0.1 (including) | 2.0.1 (including) |
| Radius | Lucent | 2.1 (including) | 2.1 (including) |
| Radius | Miquel_van_smoorenburg_cistron | 1.6.1 (including) | 1.6.1 (including) |
| Radius | Miquel_van_smoorenburg_cistron | 1.6.2 (including) | 1.6.2 (including) |
| Radius | Miquel_van_smoorenburg_cistron | 1.6.3 (including) | 1.6.3 (including) |
| Radius | Miquel_van_smoorenburg_cistron | 1.6.4 (including) | 1.6.4 (including) |
| Radius | Miquel_van_smoorenburg_cistron | 1.6.5 (including) | 1.6.5 (including) |
| Radius | Miquel_van_smoorenburg_cistron | 1.6_.0 (including) | 1.6_.0 (including) |
| Openradius | Openradius | 0.8 (including) | 0.8 (including) |
| Openradius | Openradius | 0.9 (including) | 0.9 (including) |
| Openradius | Openradius | 0.9.1 (including) | 0.9.1 (including) |
| Openradius | Openradius | 0.9.2 (including) | 0.9.2 (including) |
| Openradius | Openradius | 0.9.3 (including) | 0.9.3 (including) |
| Radiusclient | Radiusclient | 0.3.1 (including) | 0.3.1 (including) |
| Xtradius | Xtradius | 1.1_pre1 (including) | 1.1_pre1 (including) |
| Xtradius | Xtradius | 1.1_pre2 (including) | 1.1_pre2 (including) |
| Yard_radius | Yard_radius | 1.0.17 (including) | 1.0.17 (including) |
| Yard_radius | Yard_radius | 1.0.18 (including) | 1.0.18 (including) |
| Yard_radius | Yard_radius | 1.0.19 (including) | 1.0.19 (including) |
| Yard_radius | Yard_radius | 1.0_pre13 (including) | 1.0_pre13 (including) |
| Yard_radius | Yard_radius | 1.0_pre14 (including) | 1.0_pre14 (including) |
| Yard_radius | Yard_radius | 1.0_pre15 (including) | 1.0_pre15 (including) |
| Yard_radius | Yard_radius_project | 1.0.16 (including) | 1.0.16 (including) |
| Red Hat Powertools 7.0 | RedHat | * | |
| Red Hat Powertools 7.1 | RedHat | * |