{"id":"CVE-2022-41860","details":"In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.","modified":"2026-02-20T16:47:33.254209Z","published":"2023-01-17T18:15:11.387Z","related":["ALSA-2023:2166","ALSA-2023:2870","MGASA-2022-0482","SUSE-SU-2022:4620-1","SUSE-SU-2022:4621-1","SUSE-SU-2022:4622-1","SUSE-SU-2022:4626-1","SUSE-SU-2023:0124-1","SUSE-SU-2023:0135-1","openSUSE-SU-2024:13386-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00030.html"},{"type":"ADVISORY","url":"https://freeradius.org/security/"},{"type":"ADVISORY","url":"https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"},{"type":"FIX","url":"https://freeradius.org/security/"},{"type":"FIX","url":"https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freeradius/freeradius-server","events":[{"introduced":"0"},{"fixed":"f1cdbb33ec61c4a64a"}]}],"versions":["branch_4_0_0","first-build","release_0_1_0","release_0_2_0","release_0_3_0","release_0_4_0","release_0_5_0","release_0_6_0","release_0_7_0","release_0_9_0","release_0_9_0_final","release_0_9_0_pre2","release_0_9_0_pre3","release_1_0_0","release_1_0_0_pre1","release_1_0_0_pre2","release_1_0_0_pre3","release_1_0_1","release_1_0_2","release_1_1_0","release_1_1_0_pre0","release_1_1_1","release_1_1_2","release_1_1_3","release_1_1_4","release_1_1_5","release_1_1_6","release_1_1_7","release_2_0_0","release_2_0_0_pre1","release_2_0_0_pre2","release_2_0_1","release_2_0_2","release_2_0_3","release_2_0_4","release_2_0_5","release_2_1_0","release_2_1_1","release_2_1_2","release_2_1_3","release_2_1_4","release_2_1_7","release_3.0.8","release_3_0_0","release_3_0_0_beta0","release_3_0_0_beta1","release_3_0_0_rc0","release_3_0_0_rc1","release_3_0_1","release_3_0_10","release_3_0_11","release_3_0_12","release_3_0_13","release_3_0_14","release_3_0_15","release_3_0_16","release_3_0_17","release_3_0_18","release_3_0_19","release_3_0_2","release_3_0_20","release_3_0_21","release_3_0_22","release_3_0_23","release_3_0_24","release_3_0_25","release_3_0_3","release_3_0_4_rc0","release_3_0_4_rc1","release_3_0_4_rc2","release_3_0_5","release_3_0_6","release_3_0_7","release_3_0_8","release_3_0_9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41860.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}