Vulnerability CVE-2017-9287: Information

Description

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-9287

Published: May 29, 2017

Modified: June 13, 2022

Error type identifier: CWE-415

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
openldap	sisyphus	2.4.45-alt1	2.6.7-alt2	ALT-PU-2017-2178-1	188051	Fixed
openldap	p10	2.4.45-alt1	2.4.59-alt1.p10.2	ALT-PU-2017-2178-1	188051	Fixed
openldap	p9	2.4.45-alt1	2.4.59-alt0.p9.1	ALT-PU-2017-2178-1	188051	Fixed
openldap	p8	2.4.45-alt0.M80P.1	2.4.45-alt1.M80P.1	ALT-PU-2017-2179-1	188052	Fixed
openldap	c10f1	2.4.45-alt1	2.4.59-alt1.p10.2	ALT-PU-2017-2178-1	188051	Fixed
openldap	c9f2	2.4.45-alt1	2.4.59-alt0.c9.2	ALT-PU-2017-2178-1	188051	Fixed
openldap	c7	2.4.45-alt0.M70C.1	2.4.45-alt0.M70C.1	ALT-PU-2017-2187-1	188054	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugs.debian.org/863563	Issue Tracking Patch Third Party Advisory
http://www.openldap.org/its/?findid=8655	Exploit Patch Vendor Advisory
98736	Broken Link
1038591	Broken Link
DSA-3868	Third Party Advisory
RHSA-2017:1852	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10365	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*
  End including
  2.4.44
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*
  End excliding
  6.5.1
  
  Configuration 5
  cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
  End excliding
  21.1.2

Version: v24.5.0

Vulnerability CVE-2017-9287: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5