
Unchecked RADIUS vendor-specific attribute

Low
DmitriyEshenko published GHSA-2m44-rh3c-x4gr Oct 21, 2020

Package

radius/packet.c

Affected versions

< e9d369a

Patched versions

e9d369a

Description

Impact

A variable underflows when a received RADIUS vendor-specific attribute has a length field less than 2.
This has an impact only when the attacker controls the RADIUS server.
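
The length check this class of bug calls for, as an added example that is not the project's own code or the patch itself. It assumes the length in question is the one-byte sub-attribute length of the RFC 2865 recommended vendor-specific layout; `vsa_walk`, `VSA_HDR` and the sample bytes are hypothetical names and constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout of the VSA body after the 4-byte Vendor-Id (RFC 2865):
 *   vendor-type (1 byte) | vendor-length (1 byte) | data (vendor-length - 2)
 * vendor-length counts its own 2-byte header, so a value below 2 is malformed. */
#define VSA_HDR 2

/* Walks the sub-attributes in buf[0..n). Returns the number accepted and
 * stores the total data bytes in *payload, or returns -1 if any header or
 * length is inconsistent with the bytes actually received. */
int vsa_walk(const uint8_t *buf, size_t n, size_t *payload)
{
    int count = 0;
    size_t off = 0;

    *payload = 0;
    while (off < n) {
        if (n - off < VSA_HDR)
            return -1;                  /* truncated sub-attribute header */
        uint8_t vlen = buf[off + 1];
        /* Without this check, (vlen - VSA_HDR) wraps to a huge value in an
         * unsigned variable, or goes negative in a signed one, for 0 or 1. */
        if (vlen < VSA_HDR)
            return -1;
        if (vlen > n - off)
            return -1;                  /* claims more bytes than received */
        *payload += (size_t)vlen - VSA_HDR;   /* safe: vlen >= VSA_HDR */
        off += vlen;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const uint8_t ok[]  = { 0x01, 0x04, 0xAA, 0xBB, 0x02, 0x02 };
    const uint8_t bad[] = { 0x01, 0x01, 0xAA };   /* vendor-length = 1 */
    size_t p;
    printf("ok=%d\n", vsa_walk(ok, sizeof ok, &p));
    printf("bad=%d\n", vsa_walk(bad, sizeof bad, &p));
    return 0;
}
```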

Patches

The problem was patched with commit e9d369a.

References

swings & leommxj, Chaitin Security Research Lab.

Severity

Low

CVE ID

CVE-2020-28194

Weaknesses

No CWEs