CVE-2014-2015

Name of the Vulnerable Software and Affected Versions FreeRADIUS versions 2.x through 2.2.3 and earlier FreeRADIUS versions 3.x through 3.0.1 and earlier

Description The issue is related to a stack-based buffer overflow in the normify function within the rlm pap module. This could potentially allow attackers to cause a denial of service, leading to a crash, and possibly execute arbitrary code. The attack vector involves a long password hash, such as an SSHA hash.

Recommendations For FreeRADIUS versions 2.x through 2.2.3 and earlier, consider updating to a version later than 2.2.3 to resolve the issue. For FreeRADIUS versions 3.x through 3.0.1 and earlier, consider updating to a version later than 3.0.1 to resolve the issue. As a temporary workaround, consider restricting the length of password hashes to prevent exploitation until a patch is available.