{"id":"CVE-2024-3596","details":"The RADIUS protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against the MD5 Response Authenticator signature.","modified":"2026-04-16T04:40:31.043972140Z","published":"2024-07-09T12:15:20.700Z","related":["ALSA-2024:4935","ALSA-2024:4936","ALSA-2024:8860","ALSA-2024:9474","SUSE-SU-2024:2359-1","SUSE-SU-2024:2361-1","SUSE-SU-2024:2366-1","SUSE-SU-2024:2367-1","openSUSE-SU-2026:10528-1"],"references":[{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/html/ssa-794185.html"},{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/html/ssa-723487.html"},{"type":"WEB","url":"https://www.kb.cert.org/vuls/id/456537"},{"type":"ADVISORY","url":"https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol"},{"type":"ADVISORY","url":"https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"},{"type":"ADVISORY","url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240822-0001/"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2024/07/09/4"},{"type":"ARTICLE","url":"https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"},{"type":"ARTICLE","url":"https://datatracker.ietf.org/doc/html/rfc2865"},{"type":"ARTICLE","url":"https://www.blastradius.fail/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freeradius/freeradius-server","events":[{"introduced":"0"},{"fixed":"f317c5b2668a4de7065df46b31267cd6ff32ddf1"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.0.27"}]}}],"versions":["branch_4_0_0","first-build","release_0_1_0","release_0_2_0","release_0_3_0","release_0_4_0","release_0_5_0","release_0_6_0","release_0_7_0","release_2_0_0","release_2_0_0_pre1"
,"release_2_0_0_pre2","release_2_0_1","release_2_0_2","release_2_0_3","release_2_0_4","release_2_0_5","release_2_1_0","release_2_1_1","release_2_1_2","release_2_1_3","release_2_1_4","release_2_1_7","release_3.0.8","release_3_0_0","release_3_0_0_beta0","release_3_0_0_beta1","release_3_0_0_rc0","release_3_0_0_rc1","release_3_0_1","release_3_0_10","release_3_0_11","release_3_0_12","release_3_0_13","release_3_0_14","release_3_0_15","release_3_0_16","release_3_0_17","release_3_0_18","release_3_0_19","release_3_0_2","release_3_0_20","release_3_0_21","release_3_0_22","release_3_0_23","release_3_0_24","release_3_0_25","release_3_0_26","release_3_0_3","release_3_0_4_rc0","release_3_0_4_rc1","release_3_0_4_rc2","release_3_0_5","release_3_0_6","release_3_0_7","release_3_0_8","release_3_0_9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3596.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}