Description
Buffer overflow in the radius_get_vendor_attr function in the Radius
extension before 1.2.7 for PHP allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a large Vendor
Specific Attributes (VSA) length value.
Package
Upstream: released (1.2.7)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [1.2.5-2.4build1])
Ubuntu 20.04 FIPS Compliant (Focal Fossa): not-affected (1.2.5-2.4build1)
Patches:
Updated: 2022-02-11 00:31:47 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)