rpm package
suse/freeradius-server&distro=SUSE Linux Enterprise Server 12 SP2
pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-10987 | Hig | 7.5 | < 3.0.3-17.9.1 | 3.0.3-17.9.1 | Jul 17, 2017 | An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. | |
| CVE-2017-10985 | Hig | 7.5 | < 3.0.3-17.9.1 | 3.0.3-17.9.1 | Jul 17, 2017 | An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. | |
| CVE-2017-10984 | Cri | 9.8 | < 3.0.3-17.9.1 | 3.0.3-17.9.1 | Jul 17, 2017 | An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | |
| CVE-2017-10983 | Hig | 7.5 | < 3.0.3-17.9.1 | 3.0.3-17.9.1 | Jul 17, 2017 | An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. | |
| CVE-2017-10978 | Hig | 7.5 | < 3.0.3-17.9.1 | 3.0.3-17.9.1 | Jul 17, 2017 | An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. | |
| CVE-2017-9148 | Cri | 9.8 | < 3.0.3-17.4.1 | 3.0.3-17.4.1 | May 29, 2017 | The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass au | |
| CVE-2015-4680 | Hig | 7.5 | < 3.0.3-14.1 | 3.0.3-14.1 | Apr 5, 2017 | FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. |
- affected < 3.0.3-17.9.1fixed 3.0.3-17.9.1
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
- affected < 3.0.3-17.9.1fixed 3.0.3-17.9.1
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
- affected < 3.0.3-17.9.1fixed 3.0.3-17.9.1
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
- affected < 3.0.3-17.9.1fixed 3.0.3-17.9.1
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
- affected < 3.0.3-17.9.1fixed 3.0.3-17.9.1
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
- affected < 3.0.3-17.4.1fixed 3.0.3-17.4.1
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass au
- affected < 3.0.3-14.1fixed 3.0.3-14.1
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.