Main Vulnerability Database Vulnerabilities #VU7555

#VU7555 Memory leak in FreeRADIUS - CVE-2017-10981

Published: July 18, 2017

Vulnerability identifier: #VU7555

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-10981

CWE-ID: CWE-401

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
FreeRADIUS

Software vendor:
FreeRADIUS Server Project

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in fr_dhcp_decode() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP packets with malicious options to vulnerable system and trigger denial of service attack.

Remediation

Update to version 2.2.10.

External links

http://freeradius.org/security/fuzzer-2017.html#FR-GV-204

#VU7555 Memory leak in FreeRADIUS - CVE-2017-10981

Description

Remediation

External links

Please verify you're human