CVE Vulnerabilities

CVE-2015-8762

NULL Pointer Dereference

Published: Mar 27, 2017 | Modified: Mar 30, 2017
CVSS 3.x: 5.9 MEDIUM (Source: NVD)
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x: 4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name        Vendor      Start Version  End Version
Freeradius  Freeradius  3.0.5          3.0.5
Freeradius  Freeradius  3.0.8          3.0.8
Freeradius  Freeradius  3.0.1          3.0.1
Freeradius  Freeradius  3.0.3          3.0.3
Freeradius  Freeradius  3.0.6          3.0.6
Freeradius  Freeradius  3.0.0          3.0.0
Freeradius  Freeradius  3.0.4          3.0.4
Freeradius  Freeradius  3.0.2          3.0.2
Freeradius  Freeradius  3.0.7          3.0.7
