CVSS: 9.8EPSS: 24%CPEs: 30EXPL: 0CVE-2017-10979 – freeradius: Out-of-bounds write in rad_coalesce()
https://notcve.org/view.php?id=CVE-2017-10979
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. Un problema FR-GV-202 en FreeRADIUS versión 2.x anterior a 2.2.10, permite un "Write overflow in rad_coalesce()" - esto permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) o posiblemente ejecutar código arbitrario. An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99901 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/security/cve/CVE-2017-10979 https://bugzilla.redhat.com/show_bug.cgi?id=1468490 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2017-10980 – freeradius: Memory leak in decode_tlv()
https://notcve.org/view.php?id=CVE-2017-10980
An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. Un problema FR-GV-203 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Memory leak in decode_tlv()" y una denegación de servicio. A memory leak flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to cause the FreeRADIUS server to consume an increasing amount of memory resources over time possibly leading to a crash due to memory exhaustion. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99905 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/security/cve/CVE-2017-10980 https://bugzilla.redhat.com/show_bug.cgi?id=1468493 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2017-10981 – freeradius: Memory leak in fr_dhcp_decode()
https://notcve.org/view.php?id=CVE-2017-10981
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. Un problema FR-GV-204 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Memory leak in fr_dhcp_decode()" y una denegación de servicio. A memory leak flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99898 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/security/cve/CVE-2017-10981 https://bugzilla.redhat.com/show_bug.cgi?id=1468495 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2017-10982 – freeradius: Out-of-bounds read in fr_dhcp_decode_options()
https://notcve.org/view.php?id=CVE-2017-10982
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. Un problema FR-GV-205 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Buffer over-read in fr_dhcp_decode_options()" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99912 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/security/cve/CVE-2017-10982 https://bugzilla.redhat.com/show_bug.cgi?id=1468498 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 0CVE-2017-10983 – freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63
https://notcve.org/view.php?id=CVE-2017-10983
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. Un problema FR-GV-206 en FreeRADIUS versión 2.x anterior a 2.2.10 y versión 3.x anterior a 3.0.15, permite una "DHCP - Read overflow when decoding option 63" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99915 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/errata/RHSA-2017:2389 https://access.redhat.com/security/cve/CVE-2017-10983 https://bugzilla.redhat.com/show_bug.cgi?id=1468503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •