When the server receives zero-length attributes marked 'concat' in the dictionaries, it could go into an infinite loop and exhaust memory. The issue happens when the server receives a packet containing the following attribute data: 4f 02, 89 02, 90 02, or b4 02. The security impact is denial of service by anyone who can send packets which are accepted by the server. Affected versions: 3.0.0 through 3.0.14, inclusive.
Acknowledgments: Name: the FreeRADIUS project Upstream: Guido Vranken
Created attachment 1295269 [details] Proposed patch
Created freeradius tracking bugs for this issue: Affects: fedora-all [bug 1471863]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2389 https://access.redhat.com/errata/RHSA-2017:2389
External References: http://freeradius.org/security/fuzzer-2017.html