CVE-2004-0849
GNU Radius 1.1-1.2 - Denial of Service via SNMP Request Integer Overflow
Title source: llmDescription
Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.
References (3)
Core 3
Core References
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17391
Patch, Vendor Advisory third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities
Scores
EPSS
0.0074
EPSS Percentile
73.1%
Details
Status
published
Products (7)
gnu/radius
0.92.1
gnu/radius
0.93
gnu/radius
0.94
gnu/radius
0.95
gnu/radius
0.96
gnu/radius
1.1
gnu/radius
1.2
Published
Dec 23, 2004
Tracked Since
Feb 18, 2026