Alpaquita Linux
Security Advisory

CVE-2017-9287

Published: August 31, 2023Last modified: August 31, 2023

Description

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.

Severity score breakdown

ParameterValue
Base score6.5
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSopenldapNot affected (2.6.3-r6)
StreamopenldapNot affected (2.6.6-r0)

References

ON THIS PAGE