CVE-2017-10979

Severity: critical
Published: 2017-07-17 · Modified: 2026-05-13
CVSS v3: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
VIR risk: 9.8

Description

FreeRADIUS 2.x before 2.2.10 contains a write overflow in rad_coalesce() (FreeRADIUS advisory identifier FR-GV-202). A remote attacker can trigger it to crash the daemon (denial of service) or possibly execute arbitrary code. The CVSS vector above matches that: the flaw is reachable over the network with no privileges and no user interaction, and it compromises confidentiality, integrity and availability of the RADIUS server.
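The description names the bug class (CWE-787, an out-of-bounds write while coalescing data) but not the mechanism. The block below is an added illustration of that class and nothing more: it is not FreeRADIUS code, it does not reproduce the real rad_coalesce() logic, and it does not use the RADIUS attribute wire format. The fragment layout, the FLAG_MORE continuation bit, the 253-byte reassembly buffer and every function name are assumptions constructed for the example. It shows the unchecked form beside the checked form and lets the overwrite be observed safely by running the unchecked routine into a deliberately oversized, canary-filled buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fragment layout (constructed for this example, not RADIUS):
 *   [type:1][len:1][flags:1][value:len-3]
 * flags & FLAG_MORE means another fragment of the same attribute follows. */
#define FRAG_HDR      3
#define FLAG_MORE     0x80
#define FRAG_TYPE     0xF5    /* arbitrary type byte for the example */
#define COALESCE_MAX  253     /* assumed fixed-size reassembly buffer */

/* Vulnerable form: each fragment is bounds-checked against the packet, but the
 * running total is never checked against the output buffer, so several
 * fragments together can write past COALESCE_MAX bytes of `out`. */
long coalesce_unchecked(const uint8_t *pkt, size_t pkt_len, uint8_t *out)
{
    size_t off = 0, total = 0;
    while (off + FRAG_HDR <= pkt_len) {
        size_t len = pkt[off + 1];
        if (len < FRAG_HDR || off + len > pkt_len) return -1;  /* truncated fragment */
        size_t payload = len - FRAG_HDR;
        memcpy(out + total, pkt + off + FRAG_HDR, payload);    /* BUG: total + payload unchecked */
        total += payload;
        if (!(pkt[off + 2] & FLAG_MORE)) return (long)total;
        off += len;
    }
    return -1;  /* packet ended while a continuation was still expected */
}

/* Hardened form: identical, plus a check of the running total before each copy. */
long coalesce_checked(const uint8_t *pkt, size_t pkt_len, uint8_t *out, size_t out_len)
{
    size_t off = 0, total = 0;
    while (off + FRAG_HDR <= pkt_len) {
        size_t len = pkt[off + 1];
        if (len < FRAG_HDR || off + len > pkt_len) return -1;
        size_t payload = len - FRAG_HDR;
        if (payload > out_len - total) return -1;              /* would overflow `out` */
        memcpy(out + total, pkt + off + FRAG_HDR, payload);
        total += payload;
        if (!(pkt[off + 2] & FLAG_MORE)) return (long)total;
        off += len;
    }
    return -1;
}

/* Builds a constructed packet of `nfrag` fragments, each carrying
 * `payload_each` bytes of 'A', with FLAG_MORE on all but the last. */
size_t build_packet(uint8_t *buf, size_t buf_len, unsigned nfrag, unsigned payload_each)
{
    size_t off = 0;
    if (nfrag == 0 || payload_each > 255 - FRAG_HDR) return 0;
    for (unsigned i = 0; i < nfrag; i++) {
        size_t len = FRAG_HDR + payload_each;
        if (off + len > buf_len) return 0;
        buf[off]     = FRAG_TYPE;
        buf[off + 1] = (uint8_t)len;
        buf[off + 2] = (i + 1 < nfrag) ? FLAG_MORE : 0;
        memset(buf + off + FRAG_HDR, 'A', payload_each);
        off += len;
    }
    return off;
}

/* Two fragments of 100 bytes fit the buffer: returns the coalesced length. */
long demo_fits(void)
{
    uint8_t pkt[600], out[COALESCE_MAX];
    size_t n = build_packet(pkt, sizeof pkt, 2, 100);
    return coalesce_checked(pkt, n, out, sizeof out);
}

/* Two fragments of 200 bytes (400 total) exceed COALESCE_MAX: the checked form refuses. */
long demo_rejected(void)
{
    uint8_t pkt[600], out[COALESCE_MAX];
    size_t n = build_packet(pkt, sizeof pkt, 2, 200);
    return coalesce_checked(pkt, n, out, sizeof out);
}

/* Same 400-byte input through the unchecked form. To observe the overwrite without
 * undefined behaviour, `scratch` is larger than COALESCE_MAX and pre-filled with 0xAA;
 * a byte at index COALESCE_MAX that no longer reads 0xAA was written past the intended
 * buffer. Returns 1 if the overflow is observed. */
int demo_overflow_observed(void)
{
    uint8_t pkt[600], scratch[COALESCE_MAX + 256];
    size_t n = build_packet(pkt, sizeof pkt, 2, 200);
    memset(scratch, 0xAA, sizeof scratch);
    long got = coalesce_unchecked(pkt, n, scratch);
    return got == 400 && scratch[COALESCE_MAX] != 0xAA;
}

int main(void)
{
    printf("checked,   2x100 bytes -> %ld (coalesced length)\n", demo_fits());
    printf("checked,   2x200 bytes -> %ld (rejected)\n", demo_rejected());
    printf("unchecked, 2x200 bytes -> overflow observed: %s\n",
           demo_overflow_observed() ? "yes" : "no");
    return 0;
}
```

The point to take from the checked form is that per-fragment validation against the packet length is not enough: the bound that matters for a coalescing routine is the accumulated output length against the destination buffer, checked before every copy. The canary buffer in demo_overflow_observed() is only a way to make the bug visible in a test; in a real daemon the bytes past the buffer land on whatever the allocator or stack placed there, which is why the description allows for code execution rather than only a crash.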

Predictions

Exploit likelihood: 97%
Patch ETA: (none listed)

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigation text has been ingested for this CVE. Per the description, the upstream fix is FreeRADIUS 2.2.10; on affected distributions, upgrade to the fixed package versions listed under OS impact below. There is no configuration-level workaround on this page.

OS impact

OS       Version    Status   Fixed in
arch     arch       fixed    2.2.9-1
debian   bookworm   fixed    3.0.12+dfsg-3
debian   bullseye   fixed    3.0.12+dfsg-3
debian   forky      fixed    3.0.12+dfsg-3
debian   sid        fixed    3.0.12+dfsg-3
debian   trixie     fixed    3.0.12+dfsg-3

Note: the Arch entry (2.2.9-1) falls inside the affected range given in the description (2.x before 2.2.10), and 2.2.9 also appears in the Application impact list below. Confirm that the installed package carries the fix before treating it as patched.

Application impact

Vendor: freeradius
Product: freeradius
Fixed: no fixed version listed per row (the description gives 2.2.10)
Affected versions:
2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5,
2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12,
2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9

CWEs

CWE-787 (Out-of-bounds Write)
