7.5

CVE-2021-29629

In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively.

Data is provided by the National Vulnerability Database (NVD)
FreebsdFreebsd Version11.4 Update-
FreebsdFreebsd Version11.4 Updatebeta1
FreebsdFreebsd Version11.4 Updatep1
FreebsdFreebsd Version11.4 Updatep2
FreebsdFreebsd Version11.4 Updatep3
FreebsdFreebsd Version11.4 Updatep4
FreebsdFreebsd Version11.4 Updatep5
FreebsdFreebsd Version11.4 Updatep6
FreebsdFreebsd Version11.4 Updatep7
FreebsdFreebsd Version11.4 Updatep8
FreebsdFreebsd Version11.4 Updatep9
FreebsdFreebsd Version11.4 Updaterc1
FreebsdFreebsd Version11.4 Updaterc2
FreebsdFreebsd Version12.2 Update-
FreebsdFreebsd Version12.2 Updatebeta1-p1
FreebsdFreebsd Version12.2 Updatep1
FreebsdFreebsd Version12.2 Updatep2
FreebsdFreebsd Version12.2 Updatep3
FreebsdFreebsd Version12.2 Updatep4
FreebsdFreebsd Version12.2 Updatep5
FreebsdFreebsd Version12.2 Updatep6
FreebsdFreebsd Version13.0 Update-
FreebsdFreebsd Version13.0 Updatebeta3-p1
FreebsdFreebsd Version13.0 Updaterc3
FreebsdFreebsd Version13.0 Updaterc4
FreebsdFreebsd Version13.0 Updaterc5-p1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.62% 0.691
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.