CVE-2017-10978

Опубликовано: 17 июл. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

Ссылки

http://freeradius.org/security/fuzzer-2017.html
Patch
Vendor Advisory
http://www.debian.org/security/2017/dsa-3930
Third Party Advisory
http://www.securityfocus.com/bid/99893
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038914
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1759
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2389
Third Party Advisory
http://freeradius.org/security/fuzzer-2017.html
Patch
Vendor Advisory
http://www.debian.org/security/2017/dsa-3930
Third Party Advisory
http://www.securityfocus.com/bid/99893
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038914
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1759
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2389
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*

Версия от 2.0 (включая) до 2.2.10 (исключая)

cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.0.15 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03305

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2017-10978

CVSS3: 7.5

ubuntu

больше 8 лет назад

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

CVE-2017-10978

CVSS3: 5.9

redhat

больше 8 лет назад

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

CVE-2017-10978

CVSS3: 7.5

debian

больше 8 лет назад

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0. ...

GHSA-488j-jf6p-2fhv

CVSS3: 7.5

github

больше 3 лет назад

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

SUSE-SU-2017:2244-1

suse-cvrf

около 8 лет назад

Security update for freeradius-server

EPSS

Процентиль: 87%

0.03305

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119