CVE-2017-10985

Published: 17 July 2017

An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
freeradius
Launchpad, Ubuntu, Debian
Upstream
Released (3.0.15+dfsg-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(only 3.x)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [only 3.x])
Patches:
Upstream: https://github.com/FreeRADIUS/freeradius-server/commit/6726c16549b131ed39f6f8886cdf5d9d922a9a97