Out-of-Bounds in openldap

Do your applications use this vulnerable package? Test your applications

Overview

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

References

CVE Details
Debian Security Tracker
MISC
OpenSuse Security Announcement
OpenSuse Security Announcement

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2017-17740
CWE: CWE-119
Snyk ID: SNYK-DEBIAN8-OPENLDAP-304664
Disclosed: 18 Dec, 2017
Published: 18 Dec, 2017

Out-of-Bounds
Affecting openldap package, versions *

Overview

References

CVSS Score

Out-of-Bounds Affecting openldap package, versions *

Overview

References

Out-of-Bounds
Affecting openldap package, versions *