Question 1

What is CVE-2022-41860 — CVE-2022-41860?

Accepted Answer

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.

Question 2

What is the authoritative source for CVE-2022-41860?

Accepted Answer

CVE-2022-41860 (CVE-2022-41860) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	7.5 ()
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS	1.17% probability of exploitation · percentile 63.3% · 2026-06-19T12:03:05Z
Last modified	2026-06-17

CVE-2022-41860CVE-2022-41860

Description

Scoring