CVE-2022-41860

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-41860
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41860.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41860
Downstream
Related
Published
2023-01-17T18:15:11.387Z
Modified
2026-03-15T14:48:05.123123Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.

References

Affected packages

Git / github.com/freeradius/freeradius-server

Affected ranges

Type
GIT
Repo
https://github.com/freeradius/freeradius-server
Events
Introduced
8e6b04132fd49c6fa145851e4ba919385cd0b3ba
Last affected
43e59543e3a1bf539a9b79d2a1275bb6aa10ca50
Fixed
f1cdbb33ec61c4a64a
Database specific 
{
    "versions": [
        {
            "introduced": "0.9.3"
        },
        {
            "last_affected": "3.0.25"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41860.json"