CVE-2015-8763

HIGH

Freeradius - Out-of-Bounds Read

Title source: rule

Description

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.

References (2)

Core 2

Core References

Not Applicable x_refsource_confirm

http://freeradius.org/security.html#eap-pwd-2015

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2016/01/08/7

Scores

CVSS v3 8.1

EPSS 0.0055

EPSS Percentile 68.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-125

Status published

Products (9)

freeradius/freeradius 3.0.0

freeradius/freeradius 3.0.1

freeradius/freeradius 3.0.2

freeradius/freeradius 3.0.3

freeradius/freeradius 3.0.4

freeradius/freeradius 3.0.5

freeradius/freeradius 3.0.6

freeradius/freeradius 3.0.7

freeradius/freeradius 3.0.8

Published Mar 27, 2017

Tracked Since Feb 18, 2026