VDB

CVE-2001-1377

CVE-2001-1377 PUBLISHED CVSS 5 MEDIUM

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

EPSS 13.34% · 94.3th percentile

Risk Scores

CVSS 2.0
5
EPSS Score
13.34%
94.3th percentile

Affected Products

VendorProductVersions
gnuradius0.92.1, 0.93, 0.95
icradiusicradius0.17, 0.16, 0.15
yard_radiusyard_radius1.0_pre14, 1.0.17, 1.0.18
openradiusopenradius0.9.3, 0.8, 0.9
radiusclientradiusclient0.3.1
miquel_van_smoorenburg_cistronradius1.6.1, 1.6.2, 1.6.4
lucentradius2.0, 2.1, 2.0.1
yard_radius_projectyard_radius1.0.16
xtradiusxtradius1.1_pre2, 1.1_pre1
livingstonradius2.1, 2.0.1, 2.0
freeradiusfreeradius0.2, 0.3
n/an/an/a

Timeline

  • Mar 4, 2002 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Oct 27, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • Jul 17, 2023 EPSS Score
  • Sep 8, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›