VDB
CVE-2001-1377
CVE-2001-1377
PUBLISHED
CVSS 5 MEDIUM
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
EPSS 13.34% · 94.3th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
13.34%
94.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| gnu | radius | 0.92.1, 0.93, 0.95 |
| icradius | icradius | 0.17, 0.16, 0.15 |
| yard_radius | yard_radius | 1.0_pre14, 1.0.17, 1.0.18 |
| openradius | openradius | 0.9.3, 0.8, 0.9 |
| radiusclient | radiusclient | 0.3.1 |
| miquel_van_smoorenburg_cistron | radius | 1.6.1, 1.6.2, 1.6.4 |
| lucent | radius | 2.0, 2.1, 2.0.1 |
| yard_radius_project | yard_radius | 1.0.16 |
| xtradius | xtradius | 1.1_pre2, 1.1_pre1 |
| livingston | radius | 2.1, 2.0.1, 2.0 |
| freeradius | freeradius | 0.2, 0.3 |
| n/a | n/a | n/a |
Timeline
- Mar 4, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- RHSA-2002:030 vendor-advisory
- radius-vendor-attribute-dos(8354) vdb
- VU#936683 third-party-advisory
- 20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations mailing-list
- SuSE-SA:2002:013 vendor-advisory
- 4230 vdb
- CLA-2002:466 vendor-advisory
- CA-2002-06 third-party-advisory
- FreeBSD-SN-02:02 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2001-1377 advisory