CVE-2013-2220

Priority
Description
Buffer overflow in the radius_get_vendor_attr function in the Radius
extension before 1.2.7 for PHP allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a large Vendor
Specific Attributes (VSA) length value.
Notes
Package
Upstream: released (1.2.7)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [1.2.5-2.4build1])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1.2.5-2.4build1)
Patches:
Upstream: https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234
More Information

Updated: 2020-09-10 02:38:28 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)