CVE-2004-0961 | Vulnerability Database | Aqua Security

Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.

Affected Software

Name	Vendor	Start Version	End Version
Freeradius	Freeradius	0.2 (including)	0.2 (including)
Freeradius	Freeradius	0.3 (including)	0.3 (including)
Freeradius	Freeradius	0.4 (including)	0.4 (including)
Freeradius	Freeradius	0.5 (including)	0.5 (including)
Freeradius	Freeradius	0.8 (including)	0.8 (including)
Freeradius	Freeradius	0.8.1 (including)	0.8.1 (including)
Freeradius	Freeradius	0.9 (including)	0.9 (including)
Freeradius	Freeradius	0.9.1 (including)	0.9.1 (including)
Freeradius	Freeradius	0.9.2 (including)	0.9.2 (including)
Freeradius	Freeradius	0.9.3 (including)	0.9.3 (including)
Freeradius	Freeradius	1.0.0 (including)	1.0.0 (including)
Red Hat Enterprise Linux 3	RedHat	freeradius-0:1.0.1-1.RHEL3	*

References

http://security.gentoo.org/glsa/glsa-200409-29.xml
http://www.kb.cert.org/vuls/id/541574
http://www.securityfocus.com/bid/11222
https://exchange.xforce.ibmcloud.com/vulnerabilities/17440
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0961
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html