CVE-2017-17833

openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution

  • Severity Score (CVSS v3): 9.8
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

OpenSLP versions in the 1.0.2 and 1.1.0 code streams have a memory corruption problem related to dynamic memory (heap), which can manifest as a denial-of-service (DoS) or remote code execution vulnerability.

A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Adjacent
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2017-12-22 CVE Reserved
  • 2018-04-23 CVE Published
  • 2024-04-02 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-416: Use After Free
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Lenovo | Thinkserver Rd350g Firmware | - | - | Affected |
| in Lenovo | Thinkserver Rd350g | - | - | Safe |
| Lenovo | Thinkserver Rd350x Firmware | - | - | Affected |
| in Lenovo | Thinkserver Rd350x | - | - | Safe |
| Lenovo | Thinkserver Rd450x Firmware | - | - | Affected |
| in Lenovo | Thinkserver Rd450x | - | - | Safe |
| Lenovo | Thinksystem Hr630x Firmware | - | - | Affected |
| in Lenovo | Thinksystem Hr630x | - | - | Safe |
| Lenovo | Thinksystem Hr650x Firmware | - | - | Affected |
| in Lenovo | Thinksystem Hr650x | - | - | Safe |
| Lenovo | Thinksystem Sr630 Firmware | - | - | Affected |
| in Lenovo | Thinksystem Sr630 | - | - | Safe |
| Lenovo | Flex System Fc3171 8gb San Switch Firmware | < 9.1.13.02.00 | - | Affected |
| in Lenovo | Flex System Fc3171 8gb San Switch | - | - | Safe |
| Lenovo | Storage N3310 Firmware | < 4.53.351 | - | Affected |
| in Lenovo | Storage N3310 | - | - | Safe |
| Lenovo | Storage N4610 Firmware | < 4.53.351 | - | Affected |
| in Lenovo | Storage N4610 | - | - | Safe |
| Lenovo | Thinkserver Rd340 Firmware | < 50.00 | - | Affected |
| in Lenovo | Thinkserver Rd340 | - | - | Safe |
| Lenovo | Thinkserver Rd350 Firmware | < 4.53.351 | - | Affected |
| in Lenovo | Thinkserver Rd350 | - | - | Safe |
| Lenovo | Thinkserver Rd440 Firmware | <= 50.00 | - | Affected |
| in Lenovo | Thinkserver Rd440 | - | - | Safe |
| Lenovo | Thinkserver Rd450 Firmware | < 4.53.351 | - | Affected |
| in Lenovo | Thinkserver Rd450 | - | - | Safe |
| Lenovo | Thinkserver Rd550 Firmware | < 4.53.351 | - | Affected |
| in Lenovo | Thinkserver Rd550 | - | - | Safe |
| Lenovo | Thinkserver Rd540 Firmware | < 50.00 | - | Affected |
| in Lenovo | Thinkserver Rd540 | - | - | Safe |
| Lenovo | Thinkserver Rd640 Firmware | < 50.00 | - | Affected |
| in Lenovo | Thinkserver Rd640 | - | - | Safe |
| Lenovo | Thinkserver Rd650 Firmware | < 4.53.351 | - | Affected |
| in Lenovo | Thinkserver Rd650 | - | - | Safe |
| Lenovo | Thinkserver Rq750 Firmware | < 1.40 | - | Affected |
| in Lenovo | Thinkserver Rq750 | - | - | Safe |
| Lenovo | Thinkserver Rs160 Firmware | < 2.32 | - | Affected |
| in Lenovo | Thinkserver Rs160 | - | - | Safe |
| Lenovo | Thinkserver Sd350 Firmware | - | - | Affected |
| in Lenovo | Thinkserver Sd350 | - | - | Safe |
| Lenovo | Thinkserver Td340 Firmware | < 46.00 | - | Affected |
| in Lenovo | Thinkserver Td340 | - | - | Safe |
| Lenovo | Thinkserver Td350 Firmware | < 4.53.351 | - | Affected |
| in Lenovo | Thinkserver Td350 | - | - | Safe |
| Lenovo | Thinkserver Ts460 Firmware | < 2.32 | - | Affected |
| in Lenovo | Thinkserver Ts460 | - | - | Safe |
| Openslp | Openslp | 1.0.2 | - | Affected |
| Openslp | Openslp | 1.1.0 | - | Affected |
| Debian | Debian Linux | 7.0 | - | Affected |
| Canonical | Ubuntu Linux | 14.04 | lts | Affected |
| Canonical | Ubuntu Linux | 16.04 | lts | Affected |
| Redhat | Enterprise Linux Desktop | 6.0 | - | Affected |
| Redhat | Enterprise Linux Desktop | 7.0 | - | Affected |
| Redhat | Enterprise Linux Server | 6.0 | - | Affected |
| Redhat | Enterprise Linux Server | 7.0 | - | Affected |
| Redhat | Enterprise Linux Server Aus | 7.6 | - | Affected |
| Redhat | Enterprise Linux Server Eus | 7.5 | - | Affected |
| Redhat | Enterprise Linux Server Eus | 7.6 | - | Affected |
| Redhat | Enterprise Linux Server Tus | 7.6 | - | Affected |
| Redhat | Enterprise Linux Workstation | 6.0 | - | Affected |
| Redhat | Enterprise Linux Workstation | 7.0 | - | Affected |
| Lenovo | Bm Nextscale Fan Power Controller | < 24p-2.15 | - | Affected |
| Lenovo | Cmm | < 1.8.0 | - | Affected |
| Lenovo | Fan Power Controller | < 30r-1.13 | - | Affected |
| Lenovo | Imm1 | < 1.55 | - | Affected |
| Lenovo | Imm2 | < 4.70 | - | Affected |
| Lenovo | Xclarity Administrator | < 1.4.0 | - | Affected |