Alandekok

**Name of the Vulnerable Software and Affected Versions** freeradius (affected versions not specified) **Description** The issue occurs when an EAP-SIM supplicant sends an unknown SIM option to the server. The server attempts to look up this option in its internal dictionaries, which fails. However, the SIM code does not check for this failure and instead dereferences a NULL pointer, causing the server to crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** freeradius (affected versions not specified) **Description** The EAP-PWD function `compute password element()` in freeradius leaks information about the password, allowing an attacker to substantially reduce the size of an offline dictionary attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.