Back to search
CVE-2007-2028
Published: Apr 13, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
2007-0013
vendor-advisory
x_refsource_TRUSTIX
oval:org.mitre.oval:def:11156
vdb-entry
signature
x_refsource_OVAL
MDKSA-2007:085
vendor-advisory
x_refsource_MANDRIVA
GLSA-200704-14
vendor-advisory
x_refsource_GENTOO
24996
third-party-advisory
x_refsource_SECUNIA
ADV-2007-1369
vdb-entry
x_refsource_VUPEN
RHSA-2007:0338
vendor-advisory
x_refsource_REDHAT
24849
third-party-advisory
x_refsource_SECUNIA
23466
vdb-entry
x_refsource_BID
24917
third-party-advisory
x_refsource_SECUNIA
http://www.freeradius.org/security.html
x_refsource_CONFIRM
SUSE-SR:2007:010
vendor-advisory
x_refsource_SUSE
25201
third-party-advisory
x_refsource_SECUNIA
24907
third-party-advisory
x_refsource_SECUNIA
25220
third-party-advisory
x_refsource_SECUNIA
1018042
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now