ALAS2-2019-1218 --- freeradiusID: oval:org.secpod.oval:def:1700173 | Date: (C)2019-06-19 (M)2023-06-16 |
Class: PATCH | Family: unix |
FreeRADIUS mishandles the each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used protection mechanism, aka a Dragonblood issue, a similar issue to CVE-2019-9498 and CVE-2019-9499 .FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a Dragonblood issue, a similar issue to CVE-2019-9497 .