CVE-2017-17833

Description

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

Related CPE's

aopenslpopenslp1.0.2*******

aopenslpopenslp1.1.0*******

odebiandebian_linux7.0*******

ocanonicalubuntu_linux16.04***lts***

ocanonicalubuntu_linux14.04***lts***

oredhatenterprise_linux_desktop7.0*******

oredhatenterprise_linux_workstation7.0*******

oredhatenterprise_linux_server7.0*******

oredhatenterprise_linux_desktop6.0*******

oredhatenterprise_linux_server6.0*******

References

https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/

PatchThird Party Advisory

http://support.lenovo.com/us/en/solutions/LEN-18247

PatchThird Party Advisory

[debian-lts-announce] 20180425 [SECURITY] [DLA 1364-1] openslp-dfsg security update

Issue TrackingMailing ListThird Party Advisory

USN-3708-1

Third Party Advisory

RHSA-2018:2240

Third Party Advisory

RHSA-2018:2308

Third Party Advisory

GLSA-202005-12

CvssV3 impact

BaseSeverity

CRITICAL

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

9.8

VectorString

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

7.5

Created by Yello
About Severity.io