CVE-2017-10980 – freeradius: Memory leak in decode_tlv()
https://notcve.org/view.php?id=CVE-2017-10980
An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. Un problema FR-GV-203 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Memory leak in decode_tlv()" y una denegación de servicio. A memory leak flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to cause the FreeRADIUS server to consume an increasing amount of memory resources over time possibly leading to a crash due to memory exhaustion. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99905 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/security/cve/CVE-2017-10980 https://bugzilla.redhat.com/show_bug.cgi?id=1468493 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-10986 – freeradius: Infinite read in dhcp_attr2vp()
https://notcve.org/view.php?id=CVE-2017-10986
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. Un problema FR-GV-303 en FreeRADIUS versión 3.x anterior a 3.0.15, permite una "DHCP - Infinite read in dhcp_attr2vp()" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99971 https://access.redhat.com/errata/RHSA-2017:2389 https://access.redhat.com/security/cve/CVE-2017-10986 https://bugzilla.redhat.com/show_bug.cgi?id=1468551 • CWE-125: Out-of-bounds Read CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2017-10979 – freeradius: Out-of-bounds write in rad_coalesce()
https://notcve.org/view.php?id=CVE-2017-10979
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. Un problema FR-GV-202 en FreeRADIUS versión 2.x anterior a 2.2.10, permite un "Write overflow in rad_coalesce()" - esto permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) o posiblemente ejecutar código arbitrario. An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99901 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/security/cve/CVE-2017-10979 https://bugzilla.redhat.com/show_bug.cgi?id=1468490 • CWE-787: Out-of-bounds Write •
CVE-2017-10984 – freeradius: Out-of-bounds write in data2vp_wimax()
https://notcve.org/view.php?id=CVE-2017-10984
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. Un problema FR-GV-301 en FreeRADIUS versión 3.x anterior a 3.0.15, permite un "Write overflow in data2vp_wimax()" - esto permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) o posiblemente ejecutar código arbitrario. An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99876 https://access.redhat.com/errata/RHSA-2017:2389 https://access.redhat.com/security/cve/CVE-2017-10984 https://bugzilla.redhat.com/show_bug.cgi?id=1468549 • CWE-787: Out-of-bounds Write •
CVE-2017-10985 – freeradius: Infinite loop and memory exhaustion with 'concat' attributes
https://notcve.org/view.php?id=CVE-2017-10985
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. Un problema FR-GV-302 en FreeRADIUS versión 3.x anterior a 3.0.15, permite un "Infinite loop and memory exhaustion with 'concat' attributes" y una denegación de servicio. A denial of service flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to cause the FreeRADIUS server to enter an infinite loop, consume increasing amounts of memory resources, and ultimately crash by sending a specially crafted request packet. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99968 https://access.redhat.com/errata/RHSA-2017:2389 https://access.redhat.com/security/cve/CVE-2017-10985 https://bugzilla.redhat.com/show_bug.cgi?id=1468550 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •