Download
| Alert*
oval:org.secpod.oval:def:601075
A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow. oval:org.secpod.oval:def:1300214 A security vulnerability was discovered and fixed in php-radius. Fix a security issue in radius_get_vendor_attr by enforcing checks of the VSA length field against the buffer size . The updated packages have been upgraded to the 1.2.7 version which is not affected by this issue. |