CVE-2017-9287

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*

History

13 Jun 2022, 19:18

Type Values Removed Values Added
First Time Redhat enterprise Linux Workstation
Redhat enterprise Linux Eus
Redhat
Redhat enterprise Linux Server
Debian
Mcafee
Debian debian Linux
Mcafee policy Auditor
Oracle blockchain Platform
Redhat enterprise Linux Server Aus
Oracle
Redhat enterprise Linux Server Tus
Redhat enterprise Linux Desktop
CPE cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1852 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1852 - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/98736 - Third Party Advisory, VDB Entry (BID) http://www.securityfocus.com/bid/98736 - Broken Link
References (SECTRACK) http://www.securitytracker.com/id/1038591 - (SECTRACK) http://www.securitytracker.com/id/1038591 - Broken Link
References (DEBIAN) http://www.debian.org/security/2017/dsa-3868 - (DEBIAN) http://www.debian.org/security/2017/dsa-3868 - Third Party Advisory
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10365 - (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10365 - Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

20 Apr 2022, 00:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -
  • (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10365 -

Information

Published : 2017-05-29 16:29

Updated : 2023-12-10 12:15


NVD link : CVE-2017-9287

Mitre link : CVE-2017-9287

CVE.ORG link : CVE-2017-9287


JSON object : View

Products Affected

debian

  • debian_linux

redhat

  • enterprise_linux_server_aus
  • enterprise_linux_server_tus
  • enterprise_linux_server
  • enterprise_linux_workstation
  • enterprise_linux_desktop
  • enterprise_linux_eus

openldap

  • openldap

oracle

  • blockchain_platform

mcafee

  • policy_auditor
CWE
CWE-415

Double Free