[Bugs] [Bug 13493] New: [CVE 21] freeradius 3.0.23 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13493

          Platform: 2021.1
            Bug ID: 13493
           Summary: [CVE 21] freeradius 3.0.23  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2022-41860,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: e.kosachev на rosalinux.ru, s.matveev на rosalinux.ru,
                    y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package freeradius version 3.0.23

INFO (CVEs are): freeradius 3.0.23
 cves found
CVE-2022-41860
Desc: In freeradius, when an EAP-SIM supplicant sends an unknown SIM option,
the server will try to look that option up in the internal dictionaries. This
lookup will fail, but the SIM code will not check for that failure. Instead, it
will dereference a NULL pointer, and cause the server to crash.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-41860
Severity: HIGH

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230823/50be9c98/attachment-0001.html>