PT-2004-1910 · Gnu · Gnu Radius

Published

2004-09-17

Updated

2017-07-11

CVE-2004-0849

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: GNU Radius versions 1.1 and 1.2 before 1.2.94

Description: The issue is related to an integer overflow in the asn decode string() function, which can be triggered by certain SNMP requests, leading to a denial of service (daemon crash). This occurs when GNU Radius is compiled with the --enable-snmp option.

Recommendations: For GNU Radius versions 1.1 and 1.2 before 1.2.94, update to version 1.2.94 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0849

Affected Products

Gnu Radius

PT-2004-1910 · Gnu · Gnu Radius

CVE-2004-0849

Related Identifiers

Affected Products

References · 4