CVE-2017-10978

high-risk

Published 2017-07-17

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

Do I need to act?

~

3.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (18)

Debian Linux

Debian Linux

Enterprise Linux Server

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Aus

Enterprise Linux Server Aus

Enterprise Linux Workstation

Enterprise Linux Workstation

Freeradius

Enterprise Linux Desktop

Enterprise Linux Server Eus

Enterprise Linux Server Eus

Enterprise Linux Server Eus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Server Tus

Enterprise Linux Server Tus

Affected Vendors

Debian Redhat Freeradius

References (12)

Patch http://freeradius.org/security/fuzzer-2017.html

Third Party Advisory http://www.debian.org/security/2017/dsa-3930

Third Party Advisory http://www.securityfocus.com/bid/99893

Third Party Advisory http://www.securitytracker.com/id/1038914

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1759

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2389

Patch http://freeradius.org/security/fuzzer-2017.html

Third Party Advisory http://www.debian.org/security/2017/dsa-3930

Third Party Advisory http://www.securityfocus.com/bid/99893

Third Party Advisory http://www.securitytracker.com/id/1038914

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1759

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2389

52

/ 100

high-risk

Severity 26/34 · High

Exploitability 7/34 · Low

Exposure 19/34 · Moderate