CVE-2017-9287

Опубликовано: 29 мая 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Средний

Описание

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.

Ссылки

http://www.debian.org/security/2017/dsa-3868
Third Party Advisory
http://www.openldap.org/its/?findid=8655
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98736
Broken Link
http://www.securitytracker.com/id/1038591
Broken Link
https://access.redhat.com/errata/RHSA-2017:1852
Third Party Advisory
https://bugs.debian.org/863563
Issue Tracking
Patch
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
http://www.debian.org/security/2017/dsa-3868
Third Party Advisory
http://www.openldap.org/its/?findid=8655
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98736
Broken Link
http://www.securitytracker.com/id/1038591
Broken Link
https://access.redhat.com/errata/RHSA-2017:1852
Third Party Advisory
https://bugs.debian.org/863563
Issue Tracking
Patch
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*

Версия до 2.4.44 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*

Версия до 6.5.1 (исключая)

Конфигурация 5

cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*

Версия до 21.1.2 (исключая)

EPSS

Процентиль: 97%

0.38966

Средний

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-415

Связанные уязвимости

CVE-2017-9287

CVSS3: 6.5

ubuntu

больше 8 лет назад

CVE-2017-9287

CVSS3: 6.5

redhat

больше 8 лет назад

CVE-2017-9287

CVSS3: 6.5

debian

больше 8 лет назад

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to ...

openSUSE-SU-2017:2181-1

suse-cvrf

около 8 лет назад

Security update for openldap2

SUSE-SU-2017:1567-1

suse-cvrf

больше 8 лет назад

Security update for openldap2

EPSS

Процентиль: 97%

0.38966

Средний

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-415