cvelistv5 - cve-2021-29629

cve-2021-29629

Vulnerability from cvelistv5

Published
2021-05-28 14:06
Modified
2024-08-03 22:11
Severity ?
Summary
In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively.
References
▼	URL	Tags
	secteam@freebsd.org	https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc	Mitigation, Vendor Advisory
	secteam@freebsd.org	https://security.netapp.com/advisory/ntap-20210713-0003/	Third Party Advisory
Impacted products
▼	Vendor	Product
	n/a	FreeBSD
Show details on NVD website
JSON
To clipboard
{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:11:06.353Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210713-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeBSD",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "FreeBSD 13.0-RELEASE before p1, 12.2-RELEASE before p7, 11.4-RELEASE before p10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unchecked Input for Loop Condition",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-13T09:06:10",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210713-0003/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secteam@freebsd.org",
          "ID": "CVE-2021-29629",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FreeBSD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FreeBSD 13.0-RELEASE before p1, 12.2-RELEASE before p7, 11.4-RELEASE before p10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unchecked Input for Loop Condition"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc",
              "refsource": "MISC",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210713-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210713-0003/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2021-29629",
    "datePublished": "2021-05-28T14:06:47",
    "dateReserved": "2021-03-30T00:00:00",
    "dateUpdated": "2024-08-03T22:11:06.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-29629\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2021-05-28T15:15:08.850\",\"lastModified\":\"2022-05-16T20:55:05.373\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively.\"},{\"lang\":\"es\",\"value\":\"En FreeBSD versiones 13.0-STABLE anteriores a n245765-bec0d2c9c841, versiones 12.2-STABLE anteriores a r369859, versiones 11.4-STABLE anteriores a r369866, versiones 13.0-RELEASE anteriores a p1, versiones 12.2-RELEASE anteriores a p7 y versiones 11.4-RELEASE anteriores a p10, una falta comprobaci\u00f3n de mensaje en la funci\u00f3n libradius(3) podr\u00eda permitir a clientes o servidores maliciosos desencadenar una denegaci\u00f3n de servicio en servidores o clientes vulnerables, respectivamente\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A865EA1-01D7-4E5A-9D13-80780F8A9D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B80FBD1B-D03E-4408-9150-2F86FAF7F1D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FCA6A72-2A72-45FD-A43D-B5BF7C329121\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"90F9B3CB-3B60-4AA8-9EAF-4F0BE7D27691\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C04EE177-C7D1-4049-B680-F961A27C677F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"218AF216-7B03-4C02-B55F-2316AF14074B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"33266717-0359-4243-868B-B84436E2A89E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"99965487-D5FD-4507-A43B-F241FEEA5237\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"050F0B6A-4674-45E9-A079-60A68CFA4D25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"E71B99C2-EECE-43F9-A66E-CF4B3A94A57D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"C75EF084-153F-4418-AC4B-0C2EAA431243\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B0FB7BE-DB4E-47CE-8B51-C43DC5AADD17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D427061-B399-47BA-865D-9FAB315210CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"73D9C08B-8F5B-40C4-A5BD-B00D2E4C012D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:beta1-p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"04A52071-1307-4038-ACDF-F69954E95A39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A178A3-6A52-4981-9A27-FB07AD8AF778\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"54A487B1-E5CE-4C76-87E8-518D24C5D86D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F084CAB-D138-4BF6-ABC2-2314F0FDE0D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C232CA9-FC15-4596-AA99-74509A714C12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"25BD9C03-6219-49EB-B503-CD44A3B9AA0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"900755CC-07EF-4799-B5B4-F3762B3650E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"174265E7-6B73-4546-B4C7-3826C7EB5624\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC7326E3-908D-47A1-B848-3AA7F34B3DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADBA841F-5C83-4759-84B7-B59DA1B12EA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A8F38B3-A6DA-4178-A2BD-0D4F0267C384\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"00D28E4E-022B-482E-9952-7F7F47C427C2\"}]}]}],\"references\":[{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210713-0003/\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}
Action not permitted

cve-2021-29629

Vulnerability from cvelistv5

gsd-2021-29629

Vulnerability from gsd

ghsa-hmvq-2v7j-42hv

Vulnerability from github

Tags
