Public Date:
1468490: CVE-2017-10979 freeradius: Out-of-bounds write in rad_coalesce()
An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet.

Find out more about CVE-2017-10979 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 8.1
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (freeradius) RHSA-2017:1759 2017-07-18

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 freeradius Not affected
Red Hat Enterprise Linux 5 freeradius2 Will not fix
Red Hat Enterprise Linux 5 freeradius Will not fix


Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.

External References

Last Modified