CVE-2019-11234
CRITICALFreeRADIUS < 3.0.19 - Authentication Spoofing via Reflection
Title source: llmDescription
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
References (11)
Core 11
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19
Technical Description, Third Party Advisory x_refsource_misc
https://papers.mathyvanhoef.com/dragonblood.pdf
Not Applicable, Third Party Advisory, US Government Resource x_refsource_misc
https://www.kb.cert.org/vuls/id/871675/
Vendor Advisory x_refsource_misc
https://freeradius.org/security/
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1695783
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3954-1/
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1131
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1142
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html
Scores
CVSS v3
9.8
EPSS
0.1717
EPSS Percentile
95.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (6)
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
18.10
canonical/ubuntu_linux
19.04
fedoraproject/fedora
freeradius/freeradius
< 3.0.19
redhat/enterprise_linux
7.0
Published
Apr 22, 2019
Tracked Since
Feb 18, 2026