{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T09:30:38.227","vulnerabilities":[{"cve":{"id":"CVE-2022-41860","sourceIdentifier":"secalert@redhat.com","published":"2023-01-17T18:15:11.387","lastModified":"2025-11-03T20:15:57.650","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash."},{"lang":"es","value":"En freeradius, cuando un solicitante de EAP-SIM envía una opción SIM desconocida, el servidor intentará buscar esa opción en los diccionarios internos. Esta búsqueda fallará, pero el código SIM no verificará ese error. En su lugar, eliminará la referencia a un puntero NULL y provocará que el servidor falle."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*","versionStartIncluding":"0.9.3","versionEndIncluding":"3.0.25","matchCriteriaId":"6A19F4F3-C514-4FDC-B3A3-0E688BD43247"}]}]}],"references":[{"url":"https://freeradius.org/security/","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"https://freeradius.org/security/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00030.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}