CVE-2005-0108 — Libapache-mod-auth-radius vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

2.3%

top 15.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libapache-mod-auth-radius Debian Libpam-radius-auth Apache MOD Auth Radius

Timeline

PublishedJan 11

Latest updateMay 1

Description

Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/libpam-radius-auth< libapache-mod-auth-radius 1.5.7-6 (bullseye)

▶debiandebian/libapache-mod-auth-radius< libapache-mod-auth-radius 1.5.7-6 (bullseye)

▶NVDapache/mod_auth_radius1.5.4

🔴Vulnerability Details

GHSA

GHSA-p37h-5749-6mgg: Apache mod_auth_radius 1↗2022-05-01

▶

OSV

CVE-2005-0108: Apache mod_auth_radius 1↗2005-01-11

▶

📋Vendor Advisories

Debian

CVE-2005-0108: libapache-mod-auth-radius - Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIU...↗2005

▶