Your submission was sent successfully!

CVE-2015-8763

Published: 27 March 2017

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.

Priority

CVSS 3 base score: 8.1

Status

Package	Release	Status
freeradius Launchpad, Ubuntu, Debian	Upstream	Needs triage





	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was not-affected)

Notes

Author	Note
sbeattie	according to upstream, EAP-PWD not enabled by default
mdeslaur	3.0+ only

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading