CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0849

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1200%
EPSS Percentile10.27th
PublishedDec 23, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.

Affected Platforms (CPE)

πŸ“¦
Gnu

Radius

= 0.92.1
πŸ“¦
Gnu

Radius

= 0.93
πŸ“¦
Gnu

Radius

= 0.94
πŸ“¦
Gnu

Radius

= 0.95
πŸ“¦
Gnu

Radius

= 0.96
πŸ“¦
Gnu

Radius

= 1.1
πŸ“¦
Gnu

Radius

= 1.2

References & Advisories

πŸ”— http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html
πŸ”— http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/17391
πŸ”— http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html
πŸ”— http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/17391

Related Vulnerabilities

CVE-2006-418110.0

Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote ...

CVE-2006-409810.0

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Sol...

CVE-2001-053410.0

Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a...

CVE-2008-528410.0

The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions bef...