FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "18.04"
},
{
"last_affected": "18.04"
},
{
"introduced": "18.10"
},
{
"last_affected": "18.10"
},
{
"introduced": "19.04"
},
{
"last_affected": "19.04"
}
],
"vendor_product": "canonical:ubuntu_linux",
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"vendor_product": "redhat:enterprise_linux",
"source": "CPE_STRING"
}
]
}{
"cpe": "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.0.19"
}
],
"source": "CPE_RANGE"
}[
{
"source": "https://github.com/freeradius/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "129569143899151200956858467118537793085",
"length": 3217.0
},
"deprecated": false,
"id": "CVE-2019-11234-1fd28794",
"target": {
"function": "process_peer_commit",
"file": "src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c"
}
},
{
"source": "https://github.com/freeradius/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"44628322362010892775297859780437640634",
"247023918149329515823030769271528430332",
"224033363932944218881098358854636411965",
"17630095911784018250606902112754836822",
"216632450278555283936186076618328015503",
"95929150371845356609814502021181772614",
"55929718924763167308877861755612329536",
"22676619042527158489947307178530195583"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2019-11234-7d9d3913",
"target": {
"file": "src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c"
}
}
]
"2026-07-08T18:17:38Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11234.json"