CVE-2022-41860

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-41860
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41860.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41860
Related
Published
2023-01-17T18:15:11Z
Modified
2024-09-18T03:18:29.834088Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.

References

Affected packages

Alpine:v3.15 / freeradius

Package

Name
freeradius
Purl
pkg:apk/alpine/freeradius?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.26-r0

Affected versions

2.*

2.1.7-r0
2.1.7-r1
2.1.7-r2
2.1.10-r0
2.1.10-r1
2.1.10-r2
2.1.10-r3
2.1.10-r4
2.1.10-r5
2.1.10-r6
2.1.10-r7
2.1.10-r8
2.1.10-r9
2.1.10-r10
2.1.10-r11
2.1.10-r12
2.1.10-r13
2.1.10-r14
2.1.10-r15
2.1.10-r16
2.1.10-r17
2.1.10-r18
2.1.10-r19
2.1.10-r20
2.1.10-r21
2.1.10-r22
2.1.10-r23
2.1.12-r0
2.1.12-r1
2.1.12-r2
2.1.12-r3
2.1.12-r4
2.1.12-r5
2.2.0-r0
2.2.0-r1
2.2.0-r2
2.2.0-r3
2.2.0-r4
2.2.0-r5
2.2.0-r6
2.2.0-r7
2.2.0-r8
2.2.0-r9
2.2.0-r10
2.2.0-r11
2.2.1-r0
2.2.2-r0
2.2.2-r1
2.2.2-r2
2.2.3-r0
2.2.3-r1
2.2.3-r2
2.2.3-r3
2.2.3-r4
2.2.3-r5
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.4-r3
2.2.5-r0
2.2.5-r1
2.2.5-r2
2.2.5-r3
2.2.5-r4
2.2.6-r0
2.2.6-r1

3.*

3.0.8-r1
3.0.8-r2
3.0.8-r3
3.0.8-r4
3.0.8-r5
3.0.8-r6
3.0.8-r7
3.0.9-r0
3.0.9-r1
3.0.9-r2
3.0.9-r3
3.0.10-r0
3.0.10-r1
3.0.10-r2
3.0.10-r3
3.0.11-r0
3.0.11-r1
3.0.11-r2
3.0.11-r3
3.0.12-r0
3.0.12-r1
3.0.12-r2
3.0.13-r0
3.0.13-r1
3.0.13-r2
3.0.13-r3
3.0.15-r0
3.0.15-r1
3.0.15-r2
3.0.15-r3
3.0.16-r0
3.0.16-r1
3.0.16-r2
3.0.17-r0
3.0.17-r1
3.0.17-r2
3.0.17-r3
3.0.17-r4
3.0.18-r0
3.0.18-r1
3.0.19-r0
3.0.19-r1
3.0.19-r2
3.0.19-r3
3.0.19-r4
3.0.20-r0
3.0.20-r1
3.0.20-r2
3.0.20-r3
3.0.20-r4
3.0.20-r5
3.0.20-r6
3.0.20-r7
3.0.20-r8
3.0.20-r9
3.0.20-r10
3.0.21-r0
3.0.21-r1
3.0.21-r2
3.0.21-r3
3.0.21-r4
3.0.21-r5
3.0.21-r6
3.0.21-r7
3.0.21-r8
3.0.22-r0
3.0.23-r0
3.0.23-r1
3.0.23-r2
3.0.23-r3
3.0.25-r0
3.0.25-r1

Alpine:v3.16 / freeradius

Package

Name
freeradius
Purl
pkg:apk/alpine/freeradius?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.26-r0

Affected versions

2.*

2.1.7-r0
2.1.7-r1
2.1.7-r2
2.1.10-r0
2.1.10-r1
2.1.10-r2
2.1.10-r3
2.1.10-r4
2.1.10-r5
2.1.10-r6
2.1.10-r7
2.1.10-r8
2.1.10-r9
2.1.10-r10
2.1.10-r11
2.1.10-r12
2.1.10-r13
2.1.10-r14
2.1.10-r15
2.1.10-r16
2.1.10-r17
2.1.10-r18
2.1.10-r19
2.1.10-r20
2.1.10-r21
2.1.10-r22
2.1.10-r23
2.1.12-r0
2.1.12-r1
2.1.12-r2
2.1.12-r3
2.1.12-r4
2.1.12-r5
2.2.0-r0
2.2.0-r1
2.2.0-r2
2.2.0-r3
2.2.0-r4
2.2.0-r5
2.2.0-r6
2.2.0-r7
2.2.0-r8
2.2.0-r9
2.2.0-r10
2.2.0-r11
2.2.1-r0
2.2.2-r0
2.2.2-r1
2.2.2-r2
2.2.3-r0
2.2.3-r1
2.2.3-r2
2.2.3-r3
2.2.3-r4
2.2.3-r5
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.4-r3
2.2.5-r0
2.2.5-r1
2.2.5-r2
2.2.5-r3
2.2.5-r4
2.2.6-r0
2.2.6-r1

3.*

3.0.8-r1
3.0.8-r2
3.0.8-r3
3.0.8-r4
3.0.8-r5
3.0.8-r6
3.0.8-r7
3.0.9-r0
3.0.9-r1
3.0.9-r2
3.0.9-r3
3.0.10-r0
3.0.10-r1
3.0.10-r2
3.0.10-r3
3.0.11-r0
3.0.11-r1
3.0.11-r2
3.0.11-r3
3.0.12-r0
3.0.12-r1
3.0.12-r2
3.0.13-r0
3.0.13-r1
3.0.13-r2
3.0.13-r3
3.0.15-r0
3.0.15-r1
3.0.15-r2
3.0.15-r3
3.0.16-r0
3.0.16-r1
3.0.16-r2
3.0.17-r0
3.0.17-r1
3.0.17-r2
3.0.17-r3
3.0.17-r4
3.0.18-r0
3.0.18-r1
3.0.19-r0
3.0.19-r1
3.0.19-r2
3.0.19-r3
3.0.19-r4
3.0.20-r0
3.0.20-r1
3.0.20-r2
3.0.20-r3
3.0.20-r4
3.0.20-r5
3.0.20-r6
3.0.20-r7
3.0.20-r8
3.0.20-r9
3.0.20-r10
3.0.21-r0
3.0.21-r1
3.0.21-r2
3.0.21-r3
3.0.21-r4
3.0.21-r5
3.0.21-r6
3.0.21-r7
3.0.21-r8
3.0.22-r0
3.0.23-r0
3.0.23-r1
3.0.23-r2
3.0.23-r3
3.0.25-r0
3.0.25-r1
3.0.25-r2

Debian:11 / freeradius

Package

Name
freeradius
Purl
pkg:deb/debian/freeradius?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.21+dfsg-2.2
3.0.21+dfsg-2.2+deb11u1~bpo10+1
3.0.21+dfsg-2.2+deb11u1
3.0.21+dfsg-3
3.0.25+dfsg-1
3.0.25+dfsg-1.1
3.2.0+dfsg-1~bpo11+1
3.2.0+dfsg-1
3.2.1+dfsg-1~bpo11+1
3.2.1+dfsg-1
3.2.1+dfsg-2
3.2.1+dfsg-3~bpo11+1
3.2.1+dfsg-3
3.2.1+dfsg-4
3.2.2+dfsg-1~exp1
3.2.3+dfsg-1
3.2.3+dfsg-2
3.2.5+dfsg-1
3.2.5+dfsg-2
3.2.5+dfsg-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / freeradius

Package

Name
freeradius
Purl
pkg:deb/debian/freeradius?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.0+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / freeradius

Package

Name
freeradius
Purl
pkg:deb/debian/freeradius?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.0+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/freeradius/freeradius-server

Affected ranges

Type
GIT
Repo
https://github.com/freeradius/freeradius-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

branch_4_0_0
first-build
release_0_1_0
release_0_2_0
release_0_3_0
release_0_4_0
release_0_5_0
release_0_6_0
release_0_7_0
release_0_9_0
release_0_9_0_final
release_0_9_0_pre2
release_0_9_0_pre3
release_1_0_0
release_1_0_0_pre1
release_1_0_0_pre2
release_1_0_0_pre3
release_1_0_1
release_1_0_2
release_1_1_0
release_1_1_0_pre0
release_1_1_1
release_1_1_2
release_1_1_3
release_1_1_4
release_1_1_5
release_1_1_6
release_1_1_7
release_2_0_0
release_2_0_0_pre1
release_2_0_0_pre2
release_2_0_1
release_2_0_2
release_2_0_3
release_2_0_4
release_2_0_5
release_2_1_0
release_2_1_1
release_2_1_2
release_2_1_3
release_2_1_4
release_2_1_7
release_3_0_0
release_3_0_0_beta0
release_3_0_0_beta1
release_3_0_0_rc0
release_3_0_0_rc1
release_3_0_1
release_3_0_10
release_3_0_11
release_3_0_12
release_3_0_13
release_3_0_14
release_3_0_15
release_3_0_16
release_3_0_17
release_3_0_18
release_3_0_19
release_3_0_2
release_3_0_20
release_3_0_21
release_3_0_22
release_3_0_23
release_3_0_24
release_3_0_25
release_3_0_3
release_3_0_4_rc0
release_3_0_4_rc1
release_3_0_4_rc2
release_3_0_5
release_3_0_6
release_3_0_7
release_3_0_8
release_3_0_9

release_3.*

release_3.0.8