Red Hat Bugzilla – Bug 1468550
CVE-2017-10985 freeradius: Infinite loop and memory exhaustion with 'concat' attributes
Last modified: 2017-08-02 05:48:27 EDT
When the server receives zero-length attributes marked 'concat' in the dictionaries, it could go into an infinite loop and exhaust memory. The issue happens when the server receives a packet containing the following attribute data: 4f 02, 89 02, 90 02, or b4 02.
The security impact is denial of service by anyone who can send packets which are accepted by the server.
Affected versions: 3.0.0 through 3.0.14, inclusive.
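As an added illustration (not FreeRADIUS code and not the upstream patch), the following check walks the attributes of a received RADIUS packet and reports the first one that matches the byte patterns listed above: one of the four type bytes followed by a length byte of 2, meaning an attribute header with an empty value. The function name, macro, and sample packets are constructed for this example, and it assumes the standard RADIUS layout of a 20-byte header followed by type/length/value attributes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RADIUS_HDR_LEN 20 /* code, id, 2-byte length, 16-byte authenticator */

/* Attribute type bytes listed in the report: 4f, 89, 90, b4. */
static int is_listed_type(uint8_t type)
{
    return type == 0x4f || type == 0x89 || type == 0x90 || type == 0xb4;
}

/* Returns the offset of the first listed attribute whose length byte is 2
 * (header only, empty value), -1 if none is present, -2 if malformed. */
int find_empty_concat_attr(const uint8_t *pkt, size_t len)
{
    if (len < RADIUS_HDR_LEN) return -2;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (total < RADIUS_HDR_LEN || total > len) return -2;

    size_t off = RADIUS_HDR_LEN;
    while (off < total) {
        if (total - off < 2) return -2;            /* truncated attribute header */
        uint8_t type = pkt[off], alen = pkt[off + 1];
        if (alen < 2 || alen > total - off) return -2;
        if (alen == 2 && is_listed_type(type)) return (int)off;
        off += alen;                               /* alen >= 2: always advances */
    }
    return -1;
}

/* Constructed samples: Access-Request header, User-Name "bob", then 0x4f. */
#define HDR(len) 0x01, 0x01, 0x00, (len), 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0
static const uint8_t SAMPLE_EMPTY[] = { HDR(27), 0x01, 0x05, 'b', 'o', 'b', 0x4f, 0x02 };
static const uint8_t SAMPLE_OK[] = { HDR(29), 0x01, 0x05, 'b', 'o', 'b', 0x4f, 0x04, 0x02, 0x01 };

int main(void)
{
    printf("empty: %d\n", find_empty_concat_attr(SAMPLE_EMPTY, sizeof SAMPLE_EMPTY));
    printf("ok:    %d\n", find_empty_concat_attr(SAMPLE_OK, sizeof SAMPLE_OK));
    return 0;
}
```

A check of this kind can sit in a packet filter or log pipeline in front of servers in the affected version range until they are updated.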
Name: the FreeRADIUS project
Upstream: Guido Vranken
Created attachment 1295269
Created freeradius tracking bugs for this issue:
Affects: fedora-all [bug 1471863]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:2389 https://access.redhat.com/errata/RHSA-2017:2389