Integer Overflow Vulnerability in GNU Radius by GNU
CVE-2004-0849

Currently unrated

Key Information:

Vendor: Gnu
Status: Radius
Vendor: CVE Published:; 23 December 2004

Summary

An integer overflow vulnerability exists in the asn_decode_string() function within asn1.c of GNU Radius versions 1.1 and 1.2. This vulnerability, triggered when the software is compiled with the --enable-snmp option, may allow remote attackers to exploit specific SNMP requests, resulting in a denial of service by causing the daemon to crash.

References

http://lists.gnu.org/archive/html/info-gnu-radius/2004-09...

mailing-listx_refsource_MLIST

https://exchange.xforce.ibmcloud.com/vulnerabilities/17391

vdb-entryx_refsource_XF

http://www.idefense.com/application/poi/display?id=141&ty...

third-party-advisoryx_refsource_IDEFENSE

Timeline

Vulnerability published
Dec 23, 2004
Vulnerability Reserved
Sep 13, 2004