CVE-2017-10984

EUVD-2017-2622
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
freeradiusfreeradius
3.0.0
freeradiusfreeradius
3.0.1
freeradiusfreeradius
3.0.2
freeradiusfreeradius
3.0.3
freeradiusfreeradius
3.0.4
freeradiusfreeradius
3.0.5
freeradiusfreeradius
3.0.6
freeradiusfreeradius
3.0.7
freeradiusfreeradius
3.0.8
freeradiusfreeradius
3.0.9
freeradiusfreeradius
3.0.10
freeradiusfreeradius
3.0.11
freeradiusfreeradius
3.0.12
freeradiusfreeradius
3.0.13
freeradiusfreeradius
3.0.14
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freeradius
bookworm
3.2.1+dfsg-4+deb12u1
fixed
bullseye
3.0.21+dfsg-2.2+deb11u1
fixed
jessie
not-affected
sid
3.2.5+dfsg-3
fixed
trixie
3.2.5+dfsg-3
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freeradius
trusty
dne
xenial
not-affected
yakkety
ignored
zesty
Fixed 3.0.12+dfsg-4ubuntu1.2
released
Common Weakness Enumeration
References
http://freeradius.org/security/fuzzer-2017.html
http://www.debian.org/security/2017/dsa-3930
http://www.securityfocus.com/bid/99876
https://access.redhat.com/errata/RHSA-2017:2389
http://freeradius.org/security/fuzzer-2017.html
http://www.debian.org/security/2017/dsa-3930
http://www.securityfocus.com/bid/99876
https://access.redhat.com/errata/RHSA-2017:2389