ID CVE-2017-9287
Summary servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
References
Vulnerable Configurations
  • cpe:2.3:a:openldap:openldap:2.4.44
    cpe:2.3:a:openldap:openldap:2.4.44
CVSS
Base: 4.0
Impact:
Exploitability:
CWE CWE-415
CAPEC
redhat via4
advisories
bugzilla
id 1456712
title CVE-2017-9287 openldap: Double free vulnerability in servers/slapd/back-mdb/search.c
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment openldap is earlier than 0:2.4.44-5.el7
        oval oval:com.redhat.rhsa:tst:20171852013
      • comment openldap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347006
    • AND
      • comment openldap-clients is earlier than 0:2.4.44-5.el7
        oval oval:com.redhat.rhsa:tst:20171852007
      • comment openldap-clients is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347016
    • AND
      • comment openldap-devel is earlier than 0:2.4.44-5.el7
        oval oval:com.redhat.rhsa:tst:20171852005
      • comment openldap-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347008
    • AND
      • comment openldap-servers is earlier than 0:2.4.44-5.el7
        oval oval:com.redhat.rhsa:tst:20171852011
      • comment openldap-servers is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347012
    • AND
      • comment openldap-servers-sql is earlier than 0:2.4.44-5.el7
        oval oval:com.redhat.rhsa:tst:20171852009
      • comment openldap-servers-sql is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347014
rhsa
id RHSA-2017:1852
released 2017-08-01
severity Moderate
title RHSA-2017:1852: openldap security, bug fix, and enhancement update (Moderate)
rpms
  • openldap-0:2.4.44-5.el7
  • openldap-clients-0:2.4.44-5.el7
  • openldap-devel-0:2.4.44-5.el7
  • openldap-servers-0:2.4.44-5.el7
  • openldap-servers-sql-0:2.4.44-5.el7
refmap via4
bid 98736
confirm
debian DSA-3868
sectrack 1038591
Last major update 29-05-2017 - 12:29
Published 29-05-2017 - 12:29
Last modified 03-11-2017 - 21:29
Back to Top