CVE-2017-10986

Published: 17 July 2017

An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
freeradius
Launchpad, Ubuntu, Debian
Upstream
Released (3.0.15+dfsg-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(v3 only)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [v3 only])
Patches:
Upstream: https://github.com/FreeRADIUS/freeradius-server/commit/21e2e95751bfb54c0fb0328392d06671a75c191c