CVE-2022-41860
Published: 17 January 2023
Summary
CVE-2022-41860 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Freeradius Freeradius. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 40.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-45024
Vulnerability details
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it…
more
will dereference a NULL pointer, and cause the server to crash.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.