CVE-2022-24705

Name of the Vulnerable Software and Affected Versions FreeRADIUS (affected versions not specified)

Description The issue is related to a memcpy buffer overflow in the rad packet recv function, located in radius/packet.c. This overflow occurs due to an overly-large recvfrom into a fixed buffer, causing a buffer overflow that overwrites arbitrary memory. The vulnerability can be remotely triggered by crafted client requests if the server connects with a malicious client.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.