CVE-2017-10987

Published: 17 July 2017

An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
freeradius
Launchpad, Ubuntu, Debian
Upstream
Released (3.0.15+dfsg-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(v3 only)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [v3 only])
Patches:
Upstream: https://github.com/FreeRADIUS/freeradius-server/commit/19a18bf7c8af649c9e9742fb6a046f6aff639866