CVE-2022-41860

Source
https://cve.org/CVERecord?id=CVE-2022-41860
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41860.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-41860
Downstream
Related
Published
2023-01-17T00:00:00Z
Modified
2026-05-17T03:55:22.784939047Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.

Database specific
{
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-476"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41860.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "last_affected": "All versions from 0.9.3 to 3.0.25"
                }
            ]
        }
    ]
}
References

Affected packages