First published: Mon Dec 18 2017
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Openldap Openldap | <=2.4.45 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
Oracle Blockchain Platform | <21.1.2 | |
McAfee Policy Auditor | <6.5.1 | |
CVE-2017-17740 is a vulnerability in OpenLDAP through version 2.4.45 that allows remote attackers to cause a denial of service (slapd crash) by exploiting a buffer free operation.
CVE-2017-17740 has a severity rating of 7.5 (high).
OpenLDAP (version 2.4.45), openSUSE Leap 15.0, openSUSE Leap 15.1, Oracle Blockchain Platform (up to version 21.1.2), and McAfee Policy Auditor (up to version 6.5.1) are affected by CVE-2017-17740.
CVE-2017-17740 is exploitable when both the nops module and the memberof overlay are enabled in OpenLDAP: in that configuration, a buffer that was allocated on the stack is freed, leading to a denial of service.
Yes, you can refer to the following links for more information: [http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html](http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html) and [http://www.openldap.org/its/index.cgi/Incoming?id=8759](http://www.openldap.org/its/index.cgi/Incoming?id=8759).