FreeRADIUS, the popular open source RADIUS server, today published updates that include fixes for a number of security issues uncovered by a custom fuzzer built by Dutch researcher Guido Vranken.
Vranken used a custom version of libFuzzer to find a handful of serious bugs in OpenVPN that were ultimately patched in late June. A memory leak related to misuse of the OpenSSL API in OpenVPN was also found in and disclosed to FreeRADIUS, prompting the project to commission Vranken to take a closer look at the server software.
Leave a reply
