It was discovered that the decode_tlv() function leaked memory in certain circumstances. The security impact is denial of service by any network device capable of sending DHCP packets to FreeRADIUS, which sends option 82 with multiple sub-options. Affected versions: 2.0.0 through 2.2.9, inclusive.
Acknowledgments:
Name: the FreeRADIUS project
Upstream: Guido Vranken
Created attachment 1295280
Proposed patch
Created freeradius tracking bugs for this issue:
Affects: fedora-all [bug 1471852]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2017:1759 https://access.redhat.com/errata/RHSA-2017:1759
External References: http://freeradius.org/security/fuzzer-2017.html