CVE-2007-2028

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/04/2007
Last modified:
09/04/2025

Description

Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:* 1.1.5 (including)


References to Advisories, Solutions, and Tools