servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
References
Link | Resource |
---|---|
http://www.debian.org/security/2017/dsa-3868 | Third Party Advisory |
http://www.openldap.org/its/?findid=8655 | Exploit Patch Vendor Advisory |
http://www.securityfocus.com/bid/98736 | Broken Link |
http://www.securitytracker.com/id/1038591 | Broken Link |
https://access.redhat.com/errata/RHSA-2017:1852 | Third Party Advisory |
https://bugs.debian.org/863563 | Issue Tracking Patch Third Party Advisory |
https://kc.mcafee.com/corporate/index?page=content&id=SB10365 | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
History
13 Jun 2022, 19:18
Type | Values Removed | Values Added |
---|---|---|
First Time | Redhat enterprise Linux Workstation, Redhat enterprise Linux Eus, Redhat, Redhat enterprise Linux Server, Debian, Mcafee, Debian debian Linux, Mcafee policy Auditor, Oracle blockchain Platform, Redhat enterprise Linux Server Aus, Oracle, Redhat enterprise Linux Server Tus, Redhat enterprise Linux Desktop | |
CPE | cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2017:1852 - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/98736 - Broken Link | |
References | (SECTRACK) http://www.securitytracker.com/id/1038591 - Broken Link | |
References | (DEBIAN) http://www.debian.org/security/2017/dsa-3868 - Third Party Advisory | |
References | (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10365 - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2017-05-29 16:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-9287
Mitre link : CVE-2017-9287
CVE.ORG link : CVE-2017-9287
Products Affected
debian
- debian_linux
redhat
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
- enterprise_linux_eus
openldap
- openldap
oracle
- blockchain_platform
mcafee
- policy_auditor
CWE
CWE-415
Double Free