PT-2022-26103 · Unknown+9 · Freeradius+8

Alandekok · Published 2022-04-22 · Updated 2025-06-26 · CVE-2022-41860

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

freeradius (affected versions not specified)

Description

The issue occurs when an EAP-SIM supplicant sends an unknown SIM option to the server. The server attempts to look up this option in its internal dictionaries, which fails. However, the SIM code does not check for this failure and instead dereferences a NULL pointer, causing the server to crash.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
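
The failure mode in the description, shown as an added C example that is not FreeRADIUS source code: a dictionary lookup that returns NULL for an unknown option type, and a decoder that tests the result before using it. The names `dict_attr_t`, `dict_lookup` and `sim_decode`, the three-entry dictionary and the sample packet are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical dictionary entry and table; not FreeRADIUS's own types. */
typedef struct { uint8_t type; const char *name; } dict_attr_t;
static const dict_attr_t sim_dict[] = {   /* type codes from RFC 4186 */
    { 1, "AT_RAND" }, { 7, "AT_NONCE_MT" }, { 11, "AT_MAC" },
};

/* Returns NULL when the option type is not in the dictionary. */
static const dict_attr_t *dict_lookup(uint8_t type)
{
    for (size_t i = 0; i < sizeof(sim_dict) / sizeof(sim_dict[0]); i++)
        if (sim_dict[i].type == type) return &sim_dict[i];
    return NULL;
}

/* Walk options laid out as: 1-byte type, 1-byte length in 4-byte words
 * (header included), value. Returns the count of known options, or -1 if
 * the buffer is malformed; unknown options are counted and skipped. */
int sim_decode(const uint8_t *buf, size_t len, int *unknown)
{
    int known = 0;
    *unknown = 0;
    while (len > 0) {
        if (len < 2) return -1;                      /* no room for header */
        size_t optlen = (size_t)buf[1] * 4;
        if (optlen < 4 || optlen > len) return -1;   /* length out of bounds */
        const dict_attr_t *da = dict_lookup(buf[0]);
        /* The crash pattern: reading da->name without this NULL test. */
        if (da == NULL) {
            (*unknown)++;   /* skip (or reject); never dereference */
        } else {
            printf("option %s, %zu bytes\n", da->name, optlen);
            known++;
        }
        buf += optlen; len -= optlen;
    }
    return known;
}

int main(void)
{
    /* Constructed input: AT_NONCE_MT, unknown type 200, AT_MAC. */
    const uint8_t pkt[] = { 7,1,0,0, 200,1,0,0, 11,2,0,0,0,0,0,0 };
    int unknown;
    printf("known=%d\n", sim_decode(pkt, sizeof(pkt), &unknown));
    return 0;
}
```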

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2023:2166
ALSA-2023:2870
ALT-PU-2022-2505
AZL-13062
CESA-2023_2870
CVE-2022-41860
DLA-3342-1
DLA-4232-1
MGASA-2022-0482
OESA-2022-2165
OESA-2023-1022
OPENSUSE-SU-2022_4622-1
OPENSUSE-SU-2022_4626-1
OPENSUSE-SU-2024:13386-1
RHSA-2023:2166
RHSA-2023:2870
RHSA-2023_2166
RHSA-2023_2870
SUSE-SU-2022:4620-1
SUSE-SU-2022:4621-1
SUSE-SU-2022:4622-1
SUSE-SU-2022:4626-1
SUSE-SU-2023:0124-1
SUSE-SU-2023:0135-1
USN-5785-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Freeradius
Linuxmint
Red Hat
Suse
Ubuntu