CVE-2007-2028

Name of the Vulnerable Software and Affected Versions freeRADIUS versions 1.1.5 and earlier

Description The issue allows remote attackers to cause a denial of service due to memory consumption. This occurs via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes. As a result, the authentication request is rejected but does not reclaim VALUE PAIR data structures.

Recommendations For versions 1.1.5 and earlier, consider restricting the number of EAP-TTLS tunnel connections to minimize the risk of exploitation. Additionally, monitor system memory consumption to detect potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.