CVE-2004-0961 — Missing Release of Memory after Effective Lifetime in Freeradius

8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

2.6%

top 14.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freeradius Redhat Enterprise Linux Redhat Fedora Core

Timeline

PublishedFeb 9

Latest updateApr 29

Description

Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debianfreeradius/freeradius< 1.0.1+3

▶NVDfreeradius/freeradius11 versions+10

▶NVDredhat/fedora_corecore_2.0

Also affects: Enterprise Linux 3.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-x6x8-7c65-c9gg: Memory leak in FreeRADIUS before 1↗2022-04-29

▶

OSV

CVE-2004-0961: Memory leak in FreeRADIUS before 1↗2005-02-09

▶

CVEList

CVE-2004-0961: Memory leak in FreeRADIUS before 1↗2004-10-20

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-09-20

▶

Debian

CVE-2004-0961: freeradius - Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial...↗2004

▶

💬Community

Bugzilla

CVE-2004-0961 security flaw↗2018-08-16

▶

Bugzilla

CAN-2004-0938 Freeradius < 1.0.1 DoS and remote crash (CAN-2004-0960, CAN-2004-0961)↗2004-10-15

▶