{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-27T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://freeradius.org/security.html#eap-pwd-2015"}, {"name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8764", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://freeradius.org/security.html#eap-pwd-2015", "refsource": "CONFIRM", "url": "http://freeradius.org/security.html#eap-pwd-2015"}, {"name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:29:21.944Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://freeradius.org/security.html#eap-pwd-2015"}, {"name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8764", "datePublished": "2017-03-27T17:00:00", "dateReserved": "2016-01-08T00:00:00", "dateUpdated": "2024-08-06T08:29:21.944Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "388D7673-6BA7-4113-86E1-00F9A60C8796", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B5B5D50-C251-4569-9D2C-49FB64702646", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A693BD6B-BCFF-461B-B71D-4E6F7A614979", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E1D867F-7147-4C97-927B-C10404CC2985", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6BD8346B-8A41-43DF-9AFE-06E3546B6AC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4C30EB50-6BCD-44E4-906A-618ACCF627DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8C129A8-59C9-4780-8454-4EB112DF0B40", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "13C228DD-0EB3-4348-8D7A-D17A59E92013", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2400422C-8E52-4946-BE83-AA7167F0F703", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow."}, {"lang": "es", "value": "Error por un paso en el m\u00f3dulo EAP-PWD en FreeRADIUS 3.0 hasta la versi\u00f3n 3.0.8, lo que desencadena un desbordamiento de b\u00fafer."}], "id": "CVE-2015-8764", "lastModified": "2017-03-30T12:31:40.817", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-27T17:59:00.350", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://freeradius.org/security.html#eap-pwd-2015"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", "id": "1218467", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218467"}, "csaw": false, "cvss": {"cvss_base_score": "2.9", "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "cwe": "CWE-20", "details": ["Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow."], "name": "CVE-2015-8764", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "freeradius", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "freeradius", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "freeradius", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-05-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8764\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8764\nhttp://freeradius.org/security.html#eap-pwd-2015"], "statement": "This issue affects the version of freeradius as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.", "threat_severity": "Moderate", "upstream_fix": "FreeRADIUS 3.0.9"}