Buffer Overflow Vulnerability in PHP Radius Extension Affects Users
CVE-2013-2220

Currently unrated

Key Information:

Vendor: Radius Extension Project
Status: Radius
Vendor: CVE Published:; 31 July 2013

🔔 Create Radius Extension Project Vulnerability Alert

What is CVE-2013-2220?

The Radius extension for PHP contains a buffer overflow vulnerability in the radius_get_vendor_attr function, which can be exploited by remote attackers. This occurs due to improper handling of large Vendor Specific Attributes (VSA) length values, potentially leading to a denial of service situation by crashing the application, as well as the risk of arbitrary code execution on the affected system.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714362

x_refsource_CONFIRM

https://github.com/LawnGnome/php-radius/commit/13c149b051...

x_refsource_CONFIRM

http://www.debian.org/security/2013/dsa-2726

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 31, 2013

CVE-2013-2220 Data

JSON