CVE-2022-41860

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*

History

24 Jan 2023, 19:53

Type Values Removed Values Added
CPE cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*
References (MISC) https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a - (MISC) https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a - Patch, Third Party Advisory
References (MISC) https://freeradius.org/security/ - (MISC) https://freeradius.org/security/ - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Freeradius
Freeradius freeradius

17 Jan 2023, 18:55

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-17 18:15

Updated : 2023-12-10 14:48


NVD link : CVE-2022-41860

Mitre link : CVE-2022-41860

CVE.ORG link : CVE-2022-41860


JSON object : View

Products Affected

freeradius

  • freeradius
CWE
CWE-476

NULL Pointer Dereference