Description
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.

| Release | Status | Note |
|---|---|---|
| bionic | released | 1.3.17-0ubuntu5.18.04.1 |
| devel | released | 1.4.0-2ubuntu1 |
| eoan | released | 1.3.17-0ubuntu5.19.10.1 |
| esm-infra-legacy/trusty | released | 1.3.17-0ubuntu4+esm1 |
| esm-infra/bionic | released | 1.3.17-0ubuntu5.18.04.1 |
| esm-infra/xenial | released | 1.3.17-0ubuntu4.1 |
| precise/esm | not-affected | 1.3.17-0ubuntu3.1 |
| trusty | ignored | end of standard support |
| trusty/esm | released | 1.3.17-0ubuntu4+esm1 |
| upstream | needs-triage | |

EPSS
CVSS2: 5 Medium
CVSS3: 7.5 High