{"id":"OESA-2022-2165","summary":"freeradius security update","details":"Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.\r\n\r\nReferences:\r\n\r\nhttps://freeradius.org/security/\r\n\r\nUpstream fix:\r\n\r\nhttps://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a (CVE-2022-41860)\r\n\r\nA malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.\r\n\r\nReferences:\r\n\r\nhttps://freeradius.org/security/\r\n\r\nUpstream fix:\r\n\r\nhttps://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e (CVE-2022-41861)","modified":"2026-03-11T06:29:10.198634Z","published":"2022-12-30T11:04:44Z","upstream":["CVE-2022-41860","CVE-2022-41861"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2165"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41860"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41861"}],"affected":[{"package":{"name":"freeradius","ecosystem":"openEuler:20.03-LTS-SP1","purl":"pkg:rpm/openEuler/freeradius&distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.15-25.oe1"}]}],"ecosystem_specific":{"src":["freeradius-3.0.15-25.oe1.src.rpm"],"aarch64":["freeradius-help-3.0.15-25.oe1.aarch64.rpm","freeradius-devel-3.0.15-25.oe1.aarch64.rpm","freeradius-mysql-3.0.15-25.oe1.aarch64.rpm","freeradius-ldap-
3.0.15-25.oe1.aarch64.rpm","python2-freeradius-3.0.15-25.oe1.aarch64.rpm","freeradius-postgresql-3.0.15-25.oe1.aarch64.rpm","freeradius-perl-3.0.15-25.oe1.aarch64.rpm","freeradius-krb5-3.0.15-25.oe1.aarch64.rpm","freeradius-debugsource-3.0.15-25.oe1.aarch64.rpm","freeradius-debuginfo-3.0.15-25.oe1.aarch64.rpm","freeradius-sqlite-3.0.15-25.oe1.aarch64.rpm","freeradius-3.0.15-25.oe1.aarch64.rpm","freeradius-utils-3.0.15-25.oe1.aarch64.rpm"],"x86_64":["freeradius-utils-3.0.15-25.oe1.x86_64.rpm","freeradius-debuginfo-3.0.15-25.oe1.x86_64.rpm","freeradius-ldap-3.0.15-25.oe1.x86_64.rpm","freeradius-devel-3.0.15-25.oe1.x86_64.rpm","freeradius-postgresql-3.0.15-25.oe1.x86_64.rpm","freeradius-perl-3.0.15-25.oe1.x86_64.rpm","freeradius-sqlite-3.0.15-25.oe1.x86_64.rpm","freeradius-mysql-3.0.15-25.oe1.x86_64.rpm","freeradius-help-3.0.15-25.oe1.x86_64.rpm","python2-freeradius-3.0.15-25.oe1.x86_64.rpm","freeradius-debugsource-3.0.15-25.oe1.x86_64.rpm","freeradius-3.0.15-25.oe1.x86_64.rpm","freeradius-krb5-3.0.15-25.oe1.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2022-2165.json"}},{"package":{"name":"freeradius","ecosystem":"openEuler:20.03-LTS-SP3","purl":"pkg:rpm/openEuler/freeradius&distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.15-25.oe1"}]}],"ecosystem_specific":{"src":["freeradius-3.0.15-25.oe1.src.rpm"],"aarch64":["freeradius-mysql-3.0.15-25.oe1.aarch64.rpm","freeradius-devel-3.0.15-25.oe1.aarch64.rpm","python2-freeradius-3.0.15-25.oe1.aarch64.rpm","freeradius-debuginfo-3.0.15-25.oe1.aarch64.rpm","freeradius-postgresql-3.0.15-25.oe1.aarch64.rpm","freeradius-ldap-3.0.15-25.oe1.aarch64.rpm","freeradius-debugsource-3.0.15-25.oe1.aarch64.rpm","freeradius-utils-3.0.15-25.oe1.aarch64.rpm","freeradius-3.0.15-25.oe1.aarch64.rpm","freeradius-help-3.0.15-25.oe1.aarch64.rpm","freeradius-perl-3.0.15-25.oe1.aarch64.rpm","freeradius-krb5-3.0.15-25.oe1.aarch64.rpm","freeradius-sql
ite-3.0.15-25.oe1.aarch64.rpm"],"x86_64":["freeradius-sqlite-3.0.15-25.oe1.x86_64.rpm","freeradius-krb5-3.0.15-25.oe1.x86_64.rpm","python2-freeradius-3.0.15-25.oe1.x86_64.rpm","freeradius-help-3.0.15-25.oe1.x86_64.rpm","freeradius-debugsource-3.0.15-25.oe1.x86_64.rpm","freeradius-ldap-3.0.15-25.oe1.x86_64.rpm","freeradius-3.0.15-25.oe1.x86_64.rpm","freeradius-utils-3.0.15-25.oe1.x86_64.rpm","freeradius-mysql-3.0.15-25.oe1.x86_64.rpm","freeradius-devel-3.0.15-25.oe1.x86_64.rpm","freeradius-debuginfo-3.0.15-25.oe1.x86_64.rpm","freeradius-perl-3.0.15-25.oe1.x86_64.rpm","freeradius-postgresql-3.0.15-25.oe1.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2022-2165.json"}},{"package":{"name":"freeradius","ecosystem":"openEuler:22.03-LTS","purl":"pkg:rpm/openEuler/freeradius&distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.25-2.oe2203"}]}],"ecosystem_specific":{"src":["freeradius-3.0.25-2.oe2203.src.rpm"],"aarch64":["freeradius-ldap-3.0.25-2.oe2203.aarch64.rpm","freeradius-postgresql-3.0.25-2.oe2203.aarch64.rpm","freeradius-devel-3.0.25-2.oe2203.aarch64.rpm","freeradius-utils-3.0.25-2.oe2203.aarch64.rpm","freeradius-krb5-3.0.25-2.oe2203.aarch64.rpm","freeradius-sqlite-3.0.25-2.oe2203.aarch64.rpm","python3-freeradius-3.0.25-2.oe2203.aarch64.rpm","freeradius-debugsource-3.0.25-2.oe2203.aarch64.rpm","freeradius-perl-3.0.25-2.oe2203.aarch64.rpm","freeradius-mysql-3.0.25-2.oe2203.aarch64.rpm","freeradius-debuginfo-3.0.25-2.oe2203.aarch64.rpm","freeradius-3.0.25-2.oe2203.aarch64.rpm","freeradius-help-3.0.25-2.oe2203.aarch64.rpm"],"x86_64":["freeradius-perl-3.0.25-2.oe2203.x86_64.rpm","freeradius-sqlite-3.0.25-2.oe2203.x86_64.rpm","freeradius-debuginfo-3.0.25-2.oe2203.x86_64.rpm","freeradius-3.0.25-2.oe2203.x86_64.rpm","freeradius-utils-3.0.25-2.oe2203.x86_64.rpm","freeradius-debugsource-3.0.25-2.oe2203.x86_64.rpm","freeradius-krb5-3.0.25-2.oe2203.x86_64.rpm","freeradius-mysql-3.0.
25-2.oe2203.x86_64.rpm","freeradius-postgresql-3.0.25-2.oe2203.x86_64.rpm","python3-freeradius-3.0.25-2.oe2203.x86_64.rpm","freeradius-devel-3.0.25-2.oe2203.x86_64.rpm","freeradius-help-3.0.25-2.oe2203.x86_64.rpm","freeradius-ldap-3.0.25-2.oe2203.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2022-2165.json"}}],"schema_version":"1.7.5"}