Vulnerability Report

CVE-2012-3547

Title: Freeradius RCE

Memory Corruption

Proof Of Concept

No public PoC currently indexed for CVE-2012-3547.

CWE Category CWE-119

Published Date Sep 18, 2012

Modified Date Apr 29, 2026

Exploit Status Not Found

Score 6.8 CVSS v2.0

Exploit Probability (EPSS)

12.31%

Vulnerability Summary

CVE-2012-3547: Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.

Impacted Vendors

freeradius 1

Reference Links

http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html http://freeradius.org/security.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html http://osvdb.org/85325 http://rhn.redhat.com/errata/RHSA-2012-1326.html http://rhn.redhat.com/errata/RHSA-2012-1327.html http://secunia.com/advisories/50484 http://secunia.com/advisories/50584 http://secunia.com/advisories/50637 http://secunia.com/advisories/50770 http://www.debian.org/security/2012/dsa-2546 http://www.mandriva.com/security/advisories?name=MDVSA-2012:159 http://www.openwall.com/lists/oss-security/2012/09/10/2 http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt http://www.securityfocus.com/bid/55483 http://www.securitytracker.com/id?1027509 http://www.ubuntu.com/usn/USN-1585-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/78408 http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html http://freeradius.org/security.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html http://osvdb.org/85325 http://rhn.redhat.com/errata/RHSA-2012-1326.html http://rhn.redhat.com/errata/RHSA-2012-1327.html http://secunia.com/advisories/50484 http://secunia.com/advisories/50584 http://secunia.com/advisories/50637 http://secunia.com/advisories/50770 http://www.debian.org/security/2012/dsa-2546 http://www.mandriva.com/security/advisories?name=MDVSA-2012:159 http://www.openwall.com/lists/oss-security/2012/09/10/2 http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt http://www.securityfocus.com/bid/55483 http://www.securitytracker.com/id?1027509 http://www.ubuntu.com/usn/USN-1585-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/78408

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

6.8

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2012-3547 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

September 18, 2012 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.