CVE-2017-9287
openldap: Double free vulnerability in servers/slapd/back-mdb/search.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
servers/slapd/back-mdb/search.c en OpenLDAP hasta la versión 2.4.44 es propenso a una doble vulnerabilidad de liberación de memoria. Un usuario con acceso para buscar en el directorio puede hacer que slapd deje de funcionar al emitir una búsqueda que incluya el control Paged Results con un tamaño de página de 0.
A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-05-29 CVE Reserved
- 2017-05-29 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-415: Double Free
- CWE-416: Use After Free
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/98736 | Broken Link | |
http://www.securitytracker.com/id/1038591 | Broken Link | |
https://kc.mcafee.com/corporate/index?page=content&id=SB10365 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
http://www.openldap.org/its/?findid=8655 | 2024-08-05 |
URL | Date | SRC |
---|---|---|
https://bugs.debian.org/863563 | 2022-06-13 | |
https://www.oracle.com/security-alerts/cpuapr2022.html | 2022-06-13 |
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3868 | 2022-06-13 | |
https://access.redhat.com/errata/RHSA-2017:1852 | 2022-06-13 | |
https://access.redhat.com/security/cve/CVE-2017-9287 | 2017-08-01 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1456712 | 2017-08-01 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | <= 2.4.44 Search vendor "Openldap" for product "Openldap" and version " <= 2.4.44" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
Mcafee Search vendor "Mcafee" | Policy Auditor Search vendor "Mcafee" for product "Policy Auditor" | < 6.5.1 Search vendor "Mcafee" for product "Policy Auditor" and version " < 6.5.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Blockchain Platform Search vendor "Oracle" for product "Blockchain Platform" | < 21.1.2 Search vendor "Oracle" for product "Blockchain Platform" and version " < 21.1.2" | - |
Affected
|