A denial of service flaw was found in the way the FreeRADIUS server handled certain attributes in request packets. By sending a specially crafted request packet, a remote attacker could cause the FreeRADIUS server to enter an infinite loop, consume increasing amounts of memory, and ultimately crash.
When the server receives zero-length attributes marked 'concat' in the dictionaries, it could go into an infinite loop and exhaust memory. The issue happens when the server receives a packet containing the following attribute data: 4f 02, 89 02, 90 02, or b4 02.
The security impact is denial of service by anyone who can send packets which are accepted by the server.
Affected versions: 3.0.0 through 3.0.14, inclusive.
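A detection check for the attribute data listed above, as an added example that is not part of the original advisory or of FreeRADIUS itself: it walks the attributes of a RADIUS packet and reports zero-length occurrences of the four listed types. The function names, the `build_packet` helper and the sample packets are constructed for illustration; the layout assumed is the standard RADIUS header (code, identifier, 16-bit length, 16-byte authenticator) followed by type/length/value attributes.

```python
import struct

# Attribute types taken from the advisory's byte pairs (4f 02, 89 02, 90 02, b4 02).
CONCAT_TYPES = {0x4F, 0x89, 0x90, 0xB4}
HEADER_LEN = 20  # code (1) + identifier (1) + length (2) + authenticator (16)


def find_zero_length_concat(packet: bytes):
    """Return [(offset, type)] for each zero-length 'concat' attribute.

    Raises ValueError when the packet framing itself is malformed.
    """
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("bad packet length field")
    hits = []
    offset = HEADER_LEN
    while offset < length:
        if length - offset < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[offset], packet[offset + 1]
        # The attribute length counts its own 2-byte header, so 2 means "no value".
        if attr_len < 2 or offset + attr_len > length:
            raise ValueError("bad attribute length")
        if attr_len == 2 and attr_type in CONCAT_TYPES:
            hits.append((offset, attr_type))
        offset += attr_len  # advances by at least 2, so the walk always terminates
    return hits


def build_packet(attrs: bytes) -> bytes:
    """Constructed test input: Access-Request header with an all-zero authenticator."""
    return struct.pack("!BBH", 1, 0, HEADER_LEN + len(attrs)) + bytes(16) + attrs


# Constructed samples: User-Name "bob" followed by attribute 0x4f, empty vs. non-empty.
SUSPECT = build_packet(b"\x01\x05bob" + b"\x4f\x02")
BENIGN = build_packet(b"\x01\x05bob" + b"\x4f\x04\x02\x00")

if __name__ == "__main__":
    for name, pkt in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, [(off, hex(t)) for off, t in find_zero_length_concat(pkt)])
```

The same walk can be run over payloads extracted from a capture to see whether traffic matching the advisory's pattern reached a server in the affected version range.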