Public Date:
1468495: CVE-2017-10981 freeradius: Memory leak in fr_dhcp_decode()
A memory leak flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets.

Find out more about CVE-2017-10981 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 5.9
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (freeradius) RHSA-2017:1759 2017-07-18

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 freeradius Not affected
Red Hat Enterprise Linux 5 freeradius2 Will not fix
Red Hat Enterprise Linux 5 freeradius Will not fix


Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.

External References

Last Modified