The app freeRadius has security issues on Version 3.0.25. Here the Info from the BSI: A remote, anonymous attacker can exploit multiple vulnerabilities in FreeRADIUS to disclose information or cause a denial of service condition. https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2411
The BSI Warning mentions two CVEs: # CVE-2022-41859 No detailed information at debian yet, CVE is marked as reserved https://security-tracker.debian.org/tracker/CVE-2022-41859 Apparently ubuntu will not incorporate the fix in older versions, as the changes are to intrusive https://ubuntu.com/security/CVE-2022-41859 # CVE-2022-41861 https://security-tracker.debian.org/tracker/CVE-2022-41861 According to https://freeradius.org/security/ (2022): A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. This crash is not exploitable by end users. Only systems which are in the RADIUS circle of trust can send these malformed attributes to a server. No actions other than a crash are possible. As a result, the severity of this issue is low. A malicious RADIUS client or home server can do many worse things than crash the server. For example, it could cause all users to be authenticated, or cause all users to be rejected, or it could lie about all accounting data.
Fixed with Bug #55758 and Bug #55761. *** This bug has been marked as a duplicate of bug 55758 ***