CVE-2006-4181

4 documents4 sources
Severity
10.0CRITICAL
EPSS
22.6%
top 4.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Radius
Timeline
PublishedNov 28
Latest updateMay 1

Description

Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDgnu/radius1.2, 1.3+1

Patches

Patch: labs.idefense.comPatch: secunia.comPatch: securitytracker.com

🔴Vulnerability Details

2
GHSA
GHSA-wpp6-rjff-897j: Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 12022-05-01
CVEList
CVE-2006-4181: Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 12006-11-28

📋Vendor Advisories

1
Red Hat
CVE-2006-4181: Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1
CVE-2006-4181 (CRITICAL CVSS 10) | Format string vulnerability in the | cvebase.io