Information on source package freeradius

Available versions

ReleaseVersion
jessie2.2.5+dfsg-0.2+deb8u1
stretch3.0.17+dfsg-1.1+deb9u1
stretch (security)3.0.12+dfsg-5+deb9u1
buster3.0.17+dfsg-1.1+deb10u1
buster (security)3.0.17+dfsg-1.1+deb10u2
bullseye3.0.21+dfsg-2.2+deb11u1
bookworm3.2.1+dfsg-4+deb12u1
trixie3.2.3+dfsg-2
sid3.2.3+dfsg-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2022-41861vulnerable (no DSA)fixedfixedvulnerable (no DSA)fixedfixedfixedA flaw was found in freeradius. A malicious RADIUS client or home serv ...
CVE-2022-41860vulnerable (no DSA)fixedfixedvulnerable (no DSA)fixedfixedfixedIn freeradius, when an EAP-SIM supplicant sends an unknown SIM option, ...
CVE-2022-41859fixedfixedfixedvulnerable (no DSA)fixedfixedfixedIn freeradius, the EAP-PWD function compute_password_element() leaks i ...
CVE-2015-4680vulnerable (no DSA)fixedfixedfixedfixedfixedfixedFreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2019-10143vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableIt was discovered freeradius up to and including version 3.0.19 does n ...
CVE-2007-0080vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableBuffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 ...

Resolved issues

BugDescription
TEMP-0000000-01E656Possible SQL injection in freeradius
CVE-2019-17185In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global Op ...
CVE-2019-13456In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd h ...
CVE-2019-11235FreeRADIUS before 3.0.19 mishandles the "each participant verifies tha ...
CVE-2019-11234FreeRADIUS before 3.0.19 does not prevent use of reflection for authen ...
CVE-2017-10987An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buff ...
CVE-2017-10986An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infi ...
CVE-2017-10985An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite lo ...
CVE-2017-10984An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overf ...
CVE-2017-10983An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0. ...
CVE-2017-10982An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buff ...
CVE-2017-10981An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memo ...
CVE-2017-10980An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memo ...
CVE-2017-10979An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overf ...
CVE-2017-10978An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0. ...
CVE-2017-9148The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before ...
CVE-2015-8764Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 ...
CVE-2015-8763The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attac ...
CVE-2015-8762The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attac ...
CVE-2014-2015Stack-based buffer overflow in the normify function in the rlm_pap mod ...
CVE-2012-3547Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS ...
CVE-2011-4966modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode ...
CVE-2011-2701The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OC ...
CVE-2010-3697The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x ...
CVE-2010-3696The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in cert ...
CVE-2010-0524The default configuration of the FreeRADIUS server in Apple Mac OS X S ...
CVE-2009-3111The rad_decode function in FreeRADIUS before 1.1.8 allows remote attac ...
CVE-2008-4474freeradius-dialupadmin in freeradius 2.0.4 allows local users to overw ...
CVE-2007-2028Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...
CVE-2006-1354Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remot ...
CVE-2005-4746Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote a ...
CVE-2005-4745SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS ...
CVE-2005-4744Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRA ...
CVE-2005-1455Buffer overflow in the sql_escape_func function in the SQL module for ...
CVE-2005-1454SQL injection vulnerability in the radius_xlat function in the SQL mod ...
CVE-2004-0961Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to caus ...
CVE-2004-0960FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of s ...
CVE-2004-0938FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of s ...
CVE-2003-0968Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experim ...
CVE-2003-0967rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...

Security announcements

DSA / DLADescription
DLA-3342-1freeradius - security update
ELA-809-1freeradius - security update
DLA-1064-1freeradius - security update
DSA-3930-1freeradius - security update
DLA-977-1freeradius - security update
DSA-2546-1freeradius - code execution
DSA-1145-1freeradius - several
DSA-1089-1freeradius - several vulnerabilities

Search for package or bug name: Reporting problems