CVE-2012-4566

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2012-4566

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-4566.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2012-4566

Published

2012-11-20T00:55:01Z

Modified

2025-04-11T00:51:21Z

Downstream

DSA-2573-1

Summary

[none]

Details

The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523.

References

Affected packages

Debian:11 / radsecproxy

Package

Name: radsecproxy
Purl: pkg:deb/debian/radsecproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / radsecproxy

Package

Name: radsecproxy
Purl: pkg:deb/debian/radsecproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / radsecproxy

Package

Name: radsecproxy
Purl: pkg:deb/debian/radsecproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}