发布时间: 2022年12月30日
修改时间: 2024年10月31日
When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.References:https://freeradius.org/security/Upstream fix:https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Network | Network |
| CVSS评分 | 7.5 | 7.5 |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | None | High |
| User Interaction | None | None |
| Availability | High | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-2763 | freeradius security update | 2022年12月30日 |
| KylinSec-SA-2023-2067 | freeradius security update | 2023年1月6日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | freeradius | Fixed |
| KY3.4-5A | freeradius | Fixed |
| KY3.5.1 | freeradius | Fixed |
| KY3.5.2 | freeradius | Fixed |
