Unrated severity · NVD Advisory · Published Oct 7, 2010 · Updated Apr 29, 2026
CVE-2010-3696
Description
The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.
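The list walk changed by the patch on this page, modelled as an added example that is not FreeRADIUS code. `pair_t`, `append_chain`, `walk_steps` and the step cap are hypothetical names, and the chain of several pairs is an assumed stand-in for what an option with more than one sub-option decodes to.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for a decoded attribute; only the link field matters here. */
typedef struct pair { int attr; struct pair *next; } pair_t;

#define STEP_CAP 1000 /* lets the pre-patch walk be observed without hanging */

/* Link chain `vp` at *tail, then walk tail to the end of the list.
 * patched == 0 uses the pre-patch advance, patched == 1 the fixed one.
 * Returns the number of iterations, or -1 when STEP_CAP is exceeded. */
static int append_chain(pair_t **tail, pair_t *vp, int patched)
{
    int steps = 0;

    *tail = vp;
    while (*tail) {
        if (++steps > STEP_CAP) return -1;
        /* pre-patch: same address every pass; patched: one node forward */
        tail = patched ? &(*tail)->next : &vp->next;
    }
    return steps;
}

/* Build a constructed chain of n pairs (n <= 8) and append it to an empty list. */
int walk_steps(int n, int patched)
{
    pair_t buf[8];
    pair_t *head = NULL;

    if (n < 0 || n > 8) return -2;
    for (int i = 0; i < n; i++) {
        buf[i].attr = i + 1;
        buf[i].next = (i + 1 < n) ? &buf[i + 1] : NULL;
    }
    return append_chain(&head, n ? &buf[0] : NULL, patched);
}

int main(void)
{
    for (int n = 1; n <= 3; n++)
        printf("pairs=%d pre-patch=%d patched=%d\n",
               n, walk_steps(n, 0), walk_steps(n, 1));
    return 0;
}
```

A single pair terminates under both forms, which is why the defect only shows once a second pair is linked behind `vp`.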
Affected products
- cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*
Patches
- 4dc7800b866f: Fix endless loop when there are multiple DHCP options
1 file changed · +1 −1
src/lib/dhcp.c+1 −1 modified@@ -714,7 +714,7 @@ int fr_dhcp_decode(RADIUS_PACKET *packet) } *tail = vp; - while (*tail) tail = &vp->next; + while (*tail) tail = &(*tail)->next; p += alen; } /* loop over array entries */ } /* loop over the entire packet */
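Review bot: the corrected walk `while (*tail) tail = &(*tail)->next;` carries no comment on why it has to follow the list rather than `vp`, and the change touches one file with no regression test. The old `tail = &vp->next` assigned the same address on every pass, so the loop could only end when `vp->next` was NULL; a short comment stating that `vp` may head several linked pairs, plus a decode test using an option that yields more than one pair, would keep this from regressing. Bracing the loop body would also make the single-statement walk harder to misread.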
References
- github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279 (nvd, Patch)
- bugs.freeradius.org/bugzilla/show_bug.cgi (nvd, Patch)
- secunia.com/advisories/41621 (nvd, Vendor Advisory)
- freeradius.org/press/index.html (nvd)
- www.openwall.com/lists/oss-security/2010/10/01/3 (nvd)
- www.openwall.com/lists/oss-security/2010/10/01/8 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)