CVE-2014-2015
Published: Nov 2, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- [freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow (mailing-list, x_refsource_MLIST)
- [oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing (mailing-list, x_refsource_MLIST)
- RHSA-2015:1287 (vendor-advisory, x_refsource_REDHAT)
- [freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow (mailing-list, x_refsource_MLIST)
- USN-2122-1 (vendor-advisory, x_refsource_UBUNTU)
- [freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow (mailing-list, x_refsource_MLIST)
- 65581 (vdb-entry, x_refsource_BID)
- https://bugzilla.redhat.com/show_bug.cgi?id=1066761 (x_refsource_CONFIRM)