CVE-2013-2220

Priority
Description
Buffer overflow in the radius_get_vendor_attr function in the Radius
extension before 1.2.7 for PHP allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a large Vendor
Specific Attributes (VSA) length value.
Notes
Package
Upstream: released (1.2.7)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [1.2.5-2.4build1])
Ubuntu 20.04 FIPS Compliant (Focal Fossa): not-affected (1.2.5-2.4build1)
Patches:
Upstream: https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234
More Information

Updated: 2022-02-11 00:31:47 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)