Vulnerabilities (CVE)

Filtered by vendor Freeradius Subscribe
Filtered by product Pam Radius
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-9542 3 Canonical, Debian, Freeradius 3 Ubuntu Linux, Debian Linux, Pam Radius 2024-11-21 5.0 MEDIUM 7.5 HIGH
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.