CVE-2017-17833

Published: 23/04/2018 Updated: 15/05/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openslp openslp 1.1.0
openslp openslp 1.0.2
debian debian linux 7.0
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
redhat enterprise linux server 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server aus 7.6
redhat enterprise linux server eus 7.5
redhat enterprise linux desktop 6.0
redhat enterprise linux workstation 6.0
redhat enterprise linux server tus 7.6
redhat enterprise linux server 6.0
redhat enterprise linux desktop 7.0
redhat enterprise linux server eus 7.6
lenovo thinkserver_rd350g_firmware -
lenovo thinkserver_rd350x_firmware -
lenovo thinkserver_rd450x_firmware -
lenovo thinksystem_hr630x_firmware -
lenovo thinksystem_hr650x_firmware -
lenovo thinksystem_sr630_firmware -
lenovo flex_system_fc3171_8gb_san_switch_firmware
lenovo storage_n3310_firmware
lenovo storage_n4610_firmware
lenovo imm2
lenovo cmm
lenovo xclarity administrator
lenovo bm nextscale fan power controller
lenovo fan power controller
lenovo imm1
lenovo thinkserver_rd340_firmware
lenovo thinkserver_rd350_firmware
lenovo thinkserver_rd440_firmware
lenovo thinkserver_rd450_firmware
lenovo thinkserver_rd550_firmware
lenovo thinkserver_rd540_firmware
lenovo thinkserver_rd640_firmware
lenovo thinkserver_rd650_firmware
lenovo thinkserver_rq750_firmware
lenovo thinkserver_rs160_firmware
lenovo thinkserver_sd350_firmware -
lenovo thinkserver_td340_firmware
lenovo thinkserver_td350_firmware
lenovo thinkserver_ts460_firmware

Synopsis Important: openslp security update Type/Severity Security Advisory: Important Topic An update for openslp is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...

Synopsis Important: openslp security update Type/Severity Security Advisory: Important Topic An update for openslp is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...

OpenSLP could be made to crash or run programs if it received specially crafted network traffic ...

A use-after-free flaw in OpenSLP 1x and 2x baselines was discovered in the ProcessSrvRqst function A failure to update a local pointer may lead to heap corruption A remote attacker may be able to leverage this flaw to gain remote code execution(CVE-2017-17833) ...

A use-after-free flaw in OpenSLP 1x and 2x baselines was discovered in the ProcessSrvRqst function A failure to update a local pointer may lead to heap corruption A remote attacker may be able to leverage this flaw to gain remote code execution ...

CWE-119 https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/http://support.lenovo.com/us/en/solutions/LEN-18247 https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html https://usn.ubuntu.com/3708-1/https://access.redhat.com/errata/RHSA-2018:2240 https://access.redhat.com/errata/RHSA-2018:2308 https://security.gentoo.org/glsa/202005-12 https://access.redhat.com/errata/RHSA-2018:2308 https://usn.ubuntu.com/3708-1/https://nvd.nist.gov

CVE-2017-17833

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect