An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
https://access.redhat.com/errata/RHSA-2017:2389
http://www.securityfocus.com/bid/99876