Vulnerability Details CVE-2017-9287
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.271
EPSS Ranking 96.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://www.debian.org/security/2017/dsa-3868
- http://www.openldap.org/its/?findid=8655
- http://www.securityfocus.com/bid/98736
- http://www.securitytracker.com/id/1038591
- https://access.redhat.com/errata/RHSA-2017:1852
- https://bugs.debian.org/863563
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://www.oracle.com/security-alerts/cpuapr2022.html
- http://www.debian.org/security/2017/dsa-3868
- http://www.openldap.org/its/?findid=8655
- http://www.securityfocus.com/bid/98736
- http://www.securitytracker.com/id/1038591
- https://access.redhat.com/errata/RHSA-2017:1852
- https://bugs.debian.org/863563
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://www.oracle.com/security-alerts/cpuapr2022.html
Products affected by CVE-2017-9287
-
cpe:2.3:a:mcafee:policy_auditor:-
-
cpe:2.3:a:mcafee:policy_auditor:5.3.0
-
cpe:2.3:a:mcafee:policy_auditor:5.3.0.167
-
cpe:2.3:a:openldap:openldap:-
-
cpe:2.3:a:openldap:openldap:2.0
-
cpe:2.3:a:openldap:openldap:2.3.29
-
cpe:2.3:a:openldap:openldap:2.4
-
cpe:2.3:a:openldap:openldap:2.4.10
-
cpe:2.3:a:openldap:openldap:2.4.11
-
cpe:2.3:a:openldap:openldap:2.4.12
-
cpe:2.3:a:openldap:openldap:2.4.13
-
cpe:2.3:a:openldap:openldap:2.4.14
-
cpe:2.3:a:openldap:openldap:2.4.15
-
cpe:2.3:a:openldap:openldap:2.4.16
-
cpe:2.3:a:openldap:openldap:2.4.17
-
cpe:2.3:a:openldap:openldap:2.4.18
-
cpe:2.3:a:openldap:openldap:2.4.19
-
cpe:2.3:a:openldap:openldap:2.4.20
-
cpe:2.3:a:openldap:openldap:2.4.21
-
cpe:2.3:a:openldap:openldap:2.4.22
-
cpe:2.3:a:openldap:openldap:2.4.23
-
cpe:2.3:a:openldap:openldap:2.4.24
-
cpe:2.3:a:openldap:openldap:2.4.25
-
cpe:2.3:a:openldap:openldap:2.4.26
-
cpe:2.3:a:openldap:openldap:2.4.27
-
cpe:2.3:a:openldap:openldap:2.4.28
-
cpe:2.3:a:openldap:openldap:2.4.29
-
cpe:2.3:a:openldap:openldap:2.4.30
-
cpe:2.3:a:openldap:openldap:2.4.31
-
cpe:2.3:a:openldap:openldap:2.4.32
-
cpe:2.3:a:openldap:openldap:2.4.33
-
cpe:2.3:a:openldap:openldap:2.4.34
-
cpe:2.3:a:openldap:openldap:2.4.35
-
cpe:2.3:a:openldap:openldap:2.4.36
-
cpe:2.3:a:openldap:openldap:2.4.37
-
cpe:2.3:a:openldap:openldap:2.4.38
-
cpe:2.3:a:openldap:openldap:2.4.39
-
cpe:2.3:a:openldap:openldap:2.4.40
-
cpe:2.3:a:openldap:openldap:2.4.41
-
cpe:2.3:a:openldap:openldap:2.4.42
-
cpe:2.3:a:openldap:openldap:2.4.43
-
cpe:2.3:a:openldap:openldap:2.4.44
-
cpe:2.3:a:openldap:openldap:2.4.6
-
cpe:2.3:a:openldap:openldap:2.4.7
-
cpe:2.3:a:openldap:openldap:2.4.8
-
cpe:2.3:a:openldap:openldap:2.4.9
-
cpe:2.3:a:oracle:blockchain_platform:-
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:7.4
-
cpe:2.3:o:redhat:enterprise_linux_eus:7.5
-
cpe:2.3:o:redhat:enterprise_linux_eus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_eus:7.7
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0