vulnerability
Oracle Linux: CVE-2019-11235: ELSA-2019-1131: freeradius security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Apr 10, 2019 | Jul 21, 2020 | Dec 3, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Apr 10, 2019
Added
Jul 21, 2020
Modified
Dec 3, 2025
Description
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user, without knowing the password. FreeRADIUS doesn't verify whether the received elliptic curve point is valid. The highest threat from this vulnerability is to data confidentiality and integrity.
A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user, without knowing the password. FreeRADIUS doesn't verify whether the received elliptic curve point is valid. The highest threat from this vulnerability is to data confidentiality and integrity.
Solutions
oracle-linux-upgrade-freeradiusoracle-linux-upgrade-freeradius-develoracle-linux-upgrade-freeradius-docoracle-linux-upgrade-freeradius-krb5oracle-linux-upgrade-freeradius-ldaporacle-linux-upgrade-freeradius-mysqloracle-linux-upgrade-freeradius-perloracle-linux-upgrade-freeradius-postgresqloracle-linux-upgrade-freeradius-pythonoracle-linux-upgrade-freeradius-restoracle-linux-upgrade-freeradius-sqliteoracle-linux-upgrade-freeradius-unixodbcoracle-linux-upgrade-freeradius-utils
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.