Double Free

Affecting openldap package, versions <2.4.42+dfsg-2ubuntu3.2


NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package. See Remediation section below for Ubuntu:16.04 relevant versions.

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.

Remediation

Upgrade Ubuntu:16.04 openldap to version 2.4.42+dfsg-2ubuntu3.2 or higher.

CVSS Score

6.5
medium severity
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE: CVE-2017-9287
CWE: CWE-415
Snyk ID: SNYK-UBUNTU1604-OPENLDAP-304595
Disclosed: 29 May, 2017
Published: 29 May, 2017