CVE-2017-10987 |
AVG-357 |
Medium |
Yes |
Denial of service |
A security issue has been found in freeradius <= 3.0.15, where the fr_dhcp_decode_suboptions() function does not properly check if sub- options overflow the packet. |
CVE-2017-10986 |
AVG-357 |
Medium |
Yes |
Denial of service |
A security issue has been found in freeradius <= 3.0.15, where the dhcp_attr2vp() function, when decoding "string" options in an array, could be convinced... |
CVE-2017-10985 |
AVG-357 |
Medium |
Yes |
Denial of service |
A security issue has been found in freeradius <= 3.0.15, where the server could go into an infinite loop and exhaust memory when it receives zero-length... |
CVE-2017-10984 |
AVG-357 |
Critical |
Yes |
Arbitrary code execution |
A security issue has been found in freeradius <= 3.0.15, where the data2vp_wimax() function checks for WiMAX attributes which are too small, but it does not... |
CVE-2017-10983 |
AVG-357 |
Medium |
Yes |
Denial of service |
A security issue has been found in freeradius <= 3.0.15, where the fr_dhcp_decode() function performed a strcmp() on binary data in an internal data... |
CVE-2017-10981 |
AVG-934 |
Low |
Yes |
Denial of service |
A security issue has been found in freeradius <= 2.2.9, where the fr_dhcp_decode() function leaked memory in certain circumstances. A remote attacker with... |
CVE-2017-10980 |
AVG-934 |
Medium |
Yes |
Denial of service |
A security issue has been found in freeradius <= 2.2.9, where thedecode_tlv() function leaked memory in certain circumstances. A remote attacker with the... |
CVE-2017-10979 |
AVG-934 |
Critical |
Yes |
Arbitrary code execution |
A security issue has been found in freeradius <= 2.2.9, where the rad_coalesce() function checks for WiMAX attributes which are too small, but it does not... |
CVE-2017-10978 |
AVG-357 |
Medium |
Yes |
Denial of service |
A security issue has been found in freeradius <= 3.0.15, where the make_secret() function does not properly check for output buffer size before writing... |
CVE-2017-9148 |
AVG-281 |
High |
Yes |
Authentication bypass |
A security issue has been found in FreeRADIUS < 3.0.14. The implementation of TTLS and PEAP in FreeRADIUS skips inner authentication when it handles a... |