CVE-2017-10987

Published: 17 July 2017

An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
freeradius
Launchpad, Ubuntu, Debian 		Upstream
Released (3.0.15+dfsg-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(v3 only)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [v3 only])
Patches:
Upstream: https://github.com/FreeRADIUS/freeradius-server/commit/19a18bf7c8af649c9e9742fb6a046f6aff639866

Notes

AuthorNote
sbeattie 
v3 only

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading