Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FreeRadius EAP-TTLS隧道内存泄露远程拒绝服务漏洞
Vulnerability Description
FreeRadius是一款使用RADIUS协议的开放源代码验证和帐户系统。 FreeRadius在处理畸形请求时存在内存泄露漏洞,远程攻击者可能利用此漏洞导致拒绝服务。 如果恶意的802.1x申请者在EAP-TTLS隧道中发送了畸形的Diameter格式属性的话,服务器会拒绝认证请求,但会导致在内存中泄露一个大约300字节的VALUE_PAIR数据结构。如果攻击者能够在短时间内执行多次攻击的话,服务器就会泄露几个G的内存,导致内存越界情况和进程退出。
CVSS Information
N/A
Vulnerability Type
N/A