In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HFreeradius
APPFreeradius3.0.0 – 3.0.20 (bez)Opensuse Leap
OSOpensuse15.1
Powiązane podatności
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the...
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacha...
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process Clea...
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache To...