CVE-2017-9148

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-9148

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9148.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-9148

Related

Published

2017-05-29T17:29:00Z

Modified

2024-09-18T02:54:10.364657Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.

References

Affected packages

Debian:11 / freeradius

Package

Name: freeradius
Purl: pkg:deb/debian/freeradius?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.12+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / freeradius

Package

Name: freeradius
Purl: pkg:deb/debian/freeradius?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.12+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / freeradius

Package

Name: freeradius
Purl: pkg:deb/debian/freeradius?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.12+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/freeradius/freeradius-server

Affected ranges

Type: GIT
Repo: https://github.com/freeradius/freeradius-server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1c8d4d4cad8a07e96c0898fcf1cda8d2f3982495

Last affected

239ba3f92884be49adc90b1383aa8b54cb150fe9

Last affected

29ce823f72ffdfb2051765a6417126ee91e22552

Last affected

3250f1d08a5ce770afb88760cdebdfeac5bf495c

Last affected

3366cf0a98513ee15e1b96e3996f929ba5e611a4

Last affected

4c44a40e68c08b445123100b39855f36b65bf5f9

Last affected

580424ea12feeb5933f1aaac33fd5f9e2fa2ee60

Last affected

7c9d5fbe83a67934bff42c1093d50daacbf1c083

Last affected

808a9b3a8ff7ebac794519a1e842507c9a99107b

Last affected

8282a158b0b30d7dc522162855a30c942ad57dfa

Last affected

8a1cbd0d3a2fca26aefac2cfe7a50cd5d22fed42

Last affected

8b5bff2d8a2cd2be1da58a417787d907c7a5d8f1

Last affected

8bc2d13ba84de80ef4873b0d0990a133332d24a1

Last affected

9dbdad73ca823f5d2fbb0cbc5c34aec714a9e0d3

Last affected

a2c610854bef0f961573f15022d77b1088e8c819

Last affected

add9d9595bdbbae2c6b045cc3f8c1f31823748ec

Last affected

af07ace2815910610c0d39de90e4c0cf0735188d

Affected versions

Other

first-build

release_0_1_0

release_0_2_0

release_0_3_0

release_0_4_0

release_0_5_0

release_0_6_0

release_0_7_0

release_0_9_0

release_0_9_0_final

release_0_9_0_pre2

release_0_9_0_pre3

release_1_0_0

release_1_0_0_pre1

release_1_0_0_pre2

release_1_0_0_pre3

release_1_0_1

release_1_0_2

release_1_1_0

release_1_1_0_pre0

release_1_1_1

release_1_1_2

release_1_1_3

release_1_1_4

release_1_1_5

release_1_1_6

release_1_1_7

release_2_0_0

release_2_0_0_pre1

release_2_0_0_pre2

release_2_0_1

release_2_0_2

release_2_0_3

release_2_0_4

release_2_0_5

release_2_1_0

release_2_1_1