Your submission was sent successfully! Close

CVE-2015-8763

Published: 27 March 2017

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.

Priority

Low

CVSS 3 base score: 8.1

Status

Package Release Status
freeradius
Launchpad, Ubuntu, Debian
precise Not vulnerable

trusty Does not exist
(trusty was not-affected)
upstream Needs triage

vivid Not vulnerable

wily Not vulnerable

Notes

AuthorNote
sbeattie
according to upstream, EAP-PWD not enabled by default
mdeslaur
3.0+ only

References

Bugs