CVE-2004-0131

3 documents3 sources

Severity

5.0MEDIUM

EPSS

4.3%

top 11.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Radius

Timeline

PublishedMar 3

Latest updateApr 29

Description

The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDgnu/radius1.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-gw8r-wq33-8jjw: The rad_print_request function in logger↗2022-04-29

▶

CVEList

CVE-2004-0131: The rad_print_request function in logger↗2004-09-01

▶