Description
* An out-of-bounds write flaw was found in the way FreeRADIUS server handled
certain attributes in request packets. A remote attacker could use this flaw to
crash the FreeRADIUS server or to execute arbitrary code in the context of the
FreeRADIUS server process by sending a specially crafted request packet.
(CVE-2017-10979)
* An out-of-bounds read and write flaw was found in the way FreeRADIUS server
handled RADIUS packets. A remote attacker could use this flaw to crash the
FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978)
* Multiple memory leak flaws were found in the way FreeRADIUS server handled
decoding of DHCP packets. A remote attacker could use these flaws to cause the
FreeRADIUS server to consume an increasing amount of memory resources over time,
possibly leading to a crash due to memory exhaustion, by sending specially
crafted DHCP packets. (CVE-2017-10980, CVE-2017-10981)
* Multiple out-of-bounds read flaws were found in the way FreeRADIUS server
handled decoding of DHCP packets. A remote attacker could use these flaws to
crash the FreeRADIUS server by sending a specially crafted DHCP request.
(CVE-2017-10982, CVE-2017-10983)