CVE-2017-17833

CWE-119 — Buffer Overflow CWE-416 — Use After Free10 documents7 sources

Severity

9.8CRITICAL

EPSS

0.8%

top 25.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo BM Nextscale FAN Power Controller Lenovo CMM Lenovo FAN Power Controller +28 more

Timeline

PublishedApr 23

Latest updateMay 13

Description

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages27 packages

▶Ubuntuopenslp-dfsg< 1.2.1-9ubuntu0.3+1

▶NVDopenslp/openslp1.0.2, 1.1.0+1

▶NVDlenovo/cmm< 1.8.0

▶NVDlenovo/imm1< 1.55

▶NVDlenovo/imm2< 4.70

Also affects: Debian Linux 7.0, Ubuntu Linux 14.04, 16.04, Enterprise Linux 7.6, 7.5

Patches

Patch: support.lenovo.com ↗Patch: sourceforge.net ↗Patch: support.lenovo.com ↗

🔴Vulnerability Details

GHSA

GHSA-r3mh-hjcg-756h: OpenSLP releases in the 1↗2022-05-13

▶

OSV

CVE-2017-17833: OpenSLP releases in the 1↗2018-04-23

▶

CVEList

CVE-2017-17833: OpenSLP releases in the 1↗2018-04-23

▶

📋Vendor Advisories

Ubuntu

OpenSLP vulnerabilities↗2018-07-09

▶

Red Hat

openslp: Double free in slp_buffer:SLPBufferRealloc() may allow a remote attacker to execute arbitrary code↗2018-06-28

▶

Red Hat

openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution↗2018-04-19

▶

💬Community

Bugzilla

CVE-2018-12938 openslp: Double free in slp_buffer:SLPBufferRealloc() may allow a remote attacker to execute arbitrary code↗2018-06-29

▶

Bugzilla

CVE-2017-17833 CVE-2018-12938 openslp: various flaws [fedora-all]↗2018-04-26

▶

Bugzilla

CVE-2017-17833 openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution↗2018-04-26

▶