CVE-2017-17740
HIGH
7.5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM
5.0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial
Description
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.
EPSS Score
0.0164
Percentile
0.8th
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Stable
Common Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Modify Memory
Read Memory
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Applicable Platforms
Languages:
Assembly, C, C++, Memory-Unsafe
Application
Openldap by Openldap
Version Range Affected
To
2.4.45
(inclusive)
CPE Identifier
cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Leap by Opensuse
CPE Identifier
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Application
Policy Auditor by Mcafee
Version Range Affected
To
6.5.1
(exclusive)
CPE Identifier
cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*
Application
Blockchain Platform by Oracle
Version Range Affected
To
21.1.2
(exclusive)
CPE Identifier
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
Operating System
Leap by Opensuse
CPE Identifier
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://www.oracle.com/security-alerts/cpuapr2022.html
http://www.openldap.org/its/index.cgi/Incoming?id=8759