CVE-2017-9287
Description
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
35.898
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| OpenLDAP utilities (USN-2622-1) slapd_2.4.31-1+nmu2ubuntu8.4_amd64.deb | Linux |
| OpenLDAP utilities (USN-3307-1) slapd_2.4.31-1+nmu2ubuntu8.4_i386.deb | Linux |
| OpenLDAP utilities (USN-3307-1) slapd_2.4.31-1+nmu2ubuntu8.4_amd64.deb | Linux |
| OpenLDAP utilities (USN-3307-1) slapd_2.4.42+dfsg-2ubuntu3.2_i386.deb | Linux |
| OpenLDAP utilities (USN-3307-1) slapd_2.4.42+dfsg-2ubuntu3.2_amd64.deb | Linux |
| OpenLDAP utilities (USN-3307-1) slapd_2.4.42+dfsg-2ubuntu4.1_i386.deb | Linux |
| OpenLDAP utilities (USN-3307-1) slapd_2.4.42+dfsg-2ubuntu4.1_amd64.deb | Linux |
| OpenLDAP utilities (USN-3307-1) slapd_2.4.44+dfsg-3ubuntu2.1_i386.deb | Linux |
| OpenLDAP utilities (USN-3307-1) slapd_2.4.44+dfsg-3ubuntu2.1_amd64.deb | Linux |
| (RHSA-2017:1852) Moderate: openldap security, bug fix, and enhancement update openldap-2.4.44-5.el7.i686.rpm | Linux |
| (RHSA-2017:1852) Moderate: openldap security, bug fix, and enhancement update openldap-2.4.44-5.el7.x86_64.rpm | Linux |
| (RHSA-2017:1852) Moderate: openldap security, bug fix, and enhancement update openldap-clients-2.4.44-5.el7.x86_64.rpm | Linux |
| (RHSA-2017:1852) Moderate: openldap security, bug fix, and enhancement update openldap-devel-2.4.44-5.el7.i686.rpm | Linux |
| (RHSA-2017:1852) Moderate: openldap security, bug fix, and enhancement update openldap-devel-2.4.44-5.el7.x86_64.rpm | Linux |
| (RHSA-2017:1852) Moderate: openldap security, bug fix, and enhancement update openldap-servers-2.4.44-5.el7.x86_64.rpm | Linux |
| (RHSA-2017:1852) Moderate: openldap security, bug fix, and enhancement update openldap-servers-sql-2.4.44-5.el7.x86_64.rpm | Linux |
| SUSE-SU-2017:1567-1(SUSE Linux Enterprise Desktop 12-SP2 ) libldap-2_4-2-2.4.41-18.29.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1567-1(SUSE Linux Enterprise Desktop 12-SP2 ) libldap-2_4-2-32bit-2.4.41-18.29.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1567-1(SUSE Linux Enterprise Desktop 12-SP2 ) libldap-2_4-2-debuginfo-2.4.41-18.29.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1567-1(SUSE Linux Enterprise Desktop 12-SP2 ) libldap-2_4-2-debuginfo-32bit-2.4.41-18.29.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1567-1(SUSE Linux Enterprise Server 12-SP2 ) openldap2-2.4.41-18.29.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1567-1(SUSE Linux Enterprise Server 12-SP2 ) openldap2-back-meta-2.4.41-18.29.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1567-1(SUSE Linux Enterprise Server 12-SP2 ) openldap2-back-meta-debuginfo-2.4.41-18.29.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1567-1(SUSE Linux Enterprise Desktop 12-SP2 ) openldap2-client-2.4.41-18.29.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1567-1(SUSE Linux Enterprise Desktop 12-SP2 ) openldap2-client-debuginfo-2.4.41-18.29.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1567-1(SUSE Linux Enterprise Desktop 12-SP2 ) openldap2-debuginfo-2.4.41-18.29.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1567-1(SUSE Linux Enterprise Desktop 12-SP2 ) openldap2-debugsource-2.4.41-18.29.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234