Debian Linux Security Advisory 2726-1 - A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow.
72f234e7c07428d2e63e1a252b99f6eb0b9282b4ae5ce2396ffd5d580e411c58
Mandriva Linux Security Advisory 2013-192 - A security vulnerability was discovered and fixed in php-radius. Fixed a security issue in radius_get_vendor_attr() by enforcing checks of the VSA length field against the buffer size. The updated packages have been upgraded to the 1.2.7 version which is not affected by this issue.
5c6452b9c7ec35b97c7fe08d04405fe45650f48c747ee8ca2febcb9671b8f929