Candidate: CVE-2013-2220
PublicDate: 2013-07-31 13:20:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2220
 http://www.openwall.com/lists/oss-security/2013/06/28/2
Description:
 Buffer overflow in the radius_get_vendor_attr function in the Radius
 extension before 1.2.7 for PHP allows remote attackers to cause a denial of
 service (crash) and possibly execute arbitrary code via a large Vendor
 Specific Attributes (VSA) length value.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714362
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_php-radius:
 upstream: https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234
upstream_php-radius: released (1.2.7)
lucid_php-radius: ignored (reached end-of-life)
precise_php-radius: released (1.2.5-2+squeeze1ubuntu0.12.04.1)
quantal_php-radius: ignored (reached end-of-life)
raring_php-radius: ignored (reached end-of-life)
saucy_php-radius: ignored (reached end-of-life)
trusty_php-radius: not-affected (1.2.5-2.4build1)
trusty/esm_php-radius: DNE (trusty was not-affected [1.2.5-2.4build1])
utopic_php-radius: ignored (reached end-of-life)
vivid_php-radius: ignored (reached end-of-life)
vivid/stable-phone-overlay_php-radius: DNE
vivid/ubuntu-core_php-radius: DNE
wily_php-radius: not-affected (1.2.5-2.4build1)
xenial_php-radius: not-affected (1.2.5-2.4build1)
devel_php-radius: not-affected (1.2.5-2.4build1)