{"id":"CVE-2017-10978","details":"An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service.","modified":"2026-04-16T01:42:48.954761876Z","published":"2017-07-17T17:29:00.180Z","related":["SUSE-SU-2017:2202-1","SUSE-SU-2017:2243-1","SUSE-SU-2017:2244-1","openSUSE-SU-2024:10767-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}]},{"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"6.0"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.4"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.6"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.7"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.4"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.5"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.6"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.7"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.4"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.6"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.7"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"6.0"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"}]}]},"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3930"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99893"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038914"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1759"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2389"},{"type":"FIX","url":"http://freeradius.org/security/fuzzer-2017.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freeradius/freeradius-server","events":[{"introduced":"74ef9b64f7cd631b13d7a61bd1588a2bfc75ba39"},{"fixed":"ee6cba74cfa0c7214eb068f2f4665da0137c69c3"},{"introduced":"580424ea12feeb5933f1aaac33fd5f9e2fa2ee60"},{"fixed":"d253cf86d79b024ff68378e146775aa6975b887a"}],"database_specific":{"cpe":"cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"2.0"},{"fixed":"2.2.10"},{"introduced":"3.0.0"},{"fixed":"3.0.15"}]}}],"versions":["release_2_0_0","release_2_0_1","release_2_0_2","release_2_0_3","release_2_0_4","release_2_0_5","release_2_1_0","release_2_1_1","release_2_1_10","release_2_1_11","release_2_1_12","release_2_1_2","release_2_1_3","release_2_1_4","release_2_1_7","release_2_1_8","release_2_1_9","release_2_2_0","release_2_2_1","release_2_2_2","release_2_2_3","release_2_2_4","release_2_2_5","release_2_2_6","release_2_2_7","release_2_2_8","release_2_2_9","release_3.0.8","release_3_0_0","release_3_0_1","release_3_0_10","release_3_0_11","release_3_0_12","release_3_0_13","release_3_0_14","release_3_0_2","release_3_0_3","release_3_0_4_rc0","release_3_0_4_rc1","release_3_0_4_rc2","release_3_0_5","release_3_0_6","release_3_0_7","release_3_0_8","release_3_0_9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-10978.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}