CVE-2022-41861: Input Validation
Published Jan 17, 2023
·Updated
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
Affected Software
1 affected component
FreeRADIUS freeradius<=3.0.25
Remediation
Patch Available
Event History
Jan 17, 2023
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
DescriptionWeakness
Data Sourced
via NVD·06:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2022-41861?
CVE-2022-41861 has been classified as a critical vulnerability due to its potential to crash the FreeRADIUS server.
2
How do I fix CVE-2022-41861?
To fix CVE-2022-41861, upgrade FreeRADIUS to version 3.0.26 or later.
3
What versions of FreeRADIUS are affected by CVE-2022-41861?
FreeRADIUS versions up to and including 3.0.25 are affected by CVE-2022-41861.
4
What impact does CVE-2022-41861 have on my system?
CVE-2022-41861 allows a malicious client to send a malformed attribute, potentially causing the FreeRADIUS server to crash.
5
Is there a patch available for CVE-2022-41861?
Yes, a patch is included in FreeRADIUS version 3.0.26 and later to address CVE-2022-41861.