CVE-2017-9287
published 2017-05-29
medium 6.5 CVSS 3.1
AV:N AC:L PR:L UI:N S:U C:N I:N A:H
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | openldap | < openldap 2.4.44+dfsg-5 (bookworm) | openldap 2.4.44+dfsg-5 (bookworm) |
| mcafee | policy_auditor | < 6.5.1 | 6.5.1 |
| openldap | openldap | <= 2.4.44 | — |
| openldap | openldap | >= 0 < 2.4.44+dfsg-5 | 2.4.44+dfsg-5 |
| openldap | openldap | >= 0 < 2.4.44+dfsg-5 | 2.4.44+dfsg-5 |
| openldap | openldap | >= 0 < 2.4.44+dfsg-5 | 2.4.44+dfsg-5 |
| openldap | openldap | >= 0 < 2.4.44+dfsg-5 | 2.4.44+dfsg-5 |
| oracle | blockchain_platform | < 21.1.2 | 21.1.2 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvd v3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv 6.5 MEDIUM