CVE-2019-11235
Description
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
3.455
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.5.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.12.0 | Windows |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP3 ) freeradius-server-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP3 ) freeradius-server-debuginfo-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP3 ) freeradius-server-debugsource-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-doc-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-krb5-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-krb5-debuginfo-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-ldap-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-ldap-debuginfo-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-libs-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-libs-debuginfo-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-mysql-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-mysql-debuginfo-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-perl-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-perl-debuginfo-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-postgresql-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-postgresql-debuginfo-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-python-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-python-debuginfo-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-sqlite-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-sqlite-debuginfo-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-utils-3.0.15-2.11.2.x86_64.rpm | Linux |
| SUSE-SU-2019:1181-1(SUSE Linux Enterprise Server 12-SP4 ) freeradius-server-utils-debuginfo-3.0.15-2.11.2.x86_64.rpm | Linux |
| (RHSA-2019:1142) freeradius:3.0 security update freeradius-3.0.17-4.module+el8.0.0+3108+851cb559.x86_64.rpm | Linux |
| (RHSA-2019:1142) freeradius:3.0 security update freeradius-debugsource-3.0.17-4.module+el8.0.0+3108+851cb559.x86_64.rpm | Linux |
| (RHSA-2019:1142) freeradius:3.0 security update freeradius-devel-3.0.17-4.module+el8.0.0+3108+851cb559.x86_64.rpm | Linux |
| (RHSA-2019:1142) freeradius:3.0 security update freeradius-doc-3.0.17-4.module+el8.0.0+3108+851cb559.x86_64.rpm | Linux |
| (RHSA-2019:1142) freeradius:3.0 security update freeradius-krb5-3.0.17-4.module+el8.0.0+3108+851cb559.x86_64.rpm | Linux |
| (RHSA-2019:1142) freeradius:3.0 security update freeradius-ldap-3.0.17-4.module+el8.0.0+3108+851cb559.x86_64.rpm | Linux |
| (RHSA-2019:1142) freeradius:3.0 security update freeradius-mysql-3.0.17-4.module+el8.0.0+3108+851cb559.x86_64.rpm | Linux |
| (RHSA-2019:1142) freeradius:3.0 security update freeradius-perl-3.0.17-4.module+el8.0.0+3108+851cb559.x86_64.rpm | Linux |
| (RHSA-2019:1142) freeradius:3.0 security update freeradius-postgresql-3.0.17-4.module+el8.0.0+3108+851cb559.x86_64.rpm | Linux |
| (RHSA-2019:1142) freeradius:3.0 security update freeradius-rest-3.0.17-4.module+el8.0.0+3108+851cb559.x86_64.rpm | Linux |
| (RHSA-2019:1142) freeradius:3.0 security update freeradius-sqlite-3.0.17-4.module+el8.0.0+3108+851cb559.x86_64.rpm | Linux |
| (RHSA-2019:1142) freeradius:3.0 security update freeradius-unixODBC-3.0.17-4.module+el8.0.0+3108+851cb559.x86_64.rpm | Linux |
| (RHSA-2019:1142) freeradius:3.0 security update freeradius-utils-3.0.17-4.module+el8.0.0+3108+851cb559.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234