Vulncode-DB
  • Home
  • About
  • Deprecation
  • News
    Login/Register
  •  
  • Issues 
    File a bug Feature request
  • Slack
  • Twitter
Note:

This project will be discontinued after December 13, 2021. [more]

    CVE-2019-11234 (NVD)

    2019-04-22

    FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

    Products Ubuntu_linux, Fedora, Freeradius, Enterprise_linux
    Type Improper Authentication (CWE-287)
    First patch - None (likely due to unavailable code)
    Links • https://access.redhat.com/errata/RHSA-2019:1131
    • https://freeradius.org/security/
    • https://www.kb.cert.org/vuls/id/871675/
    • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html
    • https://bugzilla.redhat.com/show_bug.cgi?id=1695783
    More/Less (5)
    • https://access.redhat.com/errata/RHSA-2019:1142
    • https://usn.ubuntu.com/3954-1/
    • https://papers.mathyvanhoef.com/dragonblood.pdf
    • https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19
    • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html

    Disclaimer: Vulncode-DB is not an officially supported Google product. Terms of Use
    See the vulncode-db repository for more information.


    Running version: bffd1467df54d98e5271ec977330365d5879b60d (2021-11-29 03:52:21)