CVE-2013-2220

Name of the Vulnerable Software and Affected Versions PHP Radius extension versions prior to 1.2.7

Description The issue is related to a buffer overflow in the radius get vendor attr function, which can be exploited by remote attackers to cause a denial of service (crash) and potentially execute arbitrary code. This is achieved by sending a large Vendor Specific Attributes (VSA) length value.

Recommendations For versions prior to 1.2.7, update to version 1.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the radius get vendor attr function to minimize the risk of exploitation.