1. CVE-Search
  2. CVE-2015-8762
ID CVE-2015-8762
Summary The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
References
Vulnerable Configurations
  • cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 30-03-2017 - 12:31)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
confirm http://freeradius.org/security.html#eap-pwd-2015
mlist [oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer
Last major update 30-03-2017 - 12:31
Published 27-03-2017 - 17:59
Last modified 30-03-2017 - 12:31
Back to Top