CVE-2012-3547

NONECVSS 0.0

0.0

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.

🔗 References (40)

secalert@redhathttp://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html
secalert@redhathttp://freeradius.org/security.html
secalert@redhathttp://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html
secalert@redhathttp://osvdb.org/85325
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-1326.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-1327.html
secalert@redhathttp://secunia.com/advisories/50484
secalert@redhathttp://secunia.com/advisories/50584
secalert@redhathttp://secunia.com/advisories/50637
secalert@redhathttp://secunia.com/advisories/50770
secalert@redhathttp://www.debian.org/security/2012/dsa-2546
secalert@redhathttp://www.mandriva.com/security/advisories?name=MDVSA-2012:159
secalert@redhathttp://www.openwall.com/lists/oss-security/2012/09/10/2

Is Your Infrastructure Affected by CVE-2012-3547?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-3547

📅 Published

🔄 Last Modified

🔗 References (40)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-3547?