{"id":"CVE-2013-2220","details":"Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.","modified":"2026-04-16T06:24:06.082602161Z","published":"2013-07-31T13:20:27Z","references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2013/dsa-2726"},{"type":"EVIDENCE","url":"https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234"},{"type":"FIX","url":"https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234"},{"type":"WEB","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714362"},{"type":"WEB","url":"http://pecl.php.net/package/radius/1.2.7"}],"schema_version":"1.7.5"}