CVE-2017-17833: Buffer Overflow
First published: Mon Apr 23 2018(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openslp-dfsg | ||
| CentOS OpenSLP Server | =1.0.2 | |
| CentOS OpenSLP Server | =1.1.0 | |
| Debian | =7.0 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.5 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| All of | ||
| Lenovo ThinkServer RD350G | ||
| Lenovo ThinkServer RD350G Firmware | ||
| All of | ||
| Lenovo ThinkServer RD350x | ||
| Lenovo ThinkServer RD350x | ||
| All of | ||
| Lenovo ThinkServer RD450X Firmware | ||
| Lenovo ThinkServer RD450X | ||
| All of | ||
| Lenovo ThinkSystem HR630X (SKL) Firmware | ||
| Lenovo ThinkSystem HR630X (SKL) Firmware | ||
| All of | ||
| Lenovo ThinkSystem HR650X (SKL) Firmware | ||
| Lenovo ThinkSystem HR650X Firmware | ||
| All of | ||
| Lenovo ThinkSystem SR630 Firmware | ||
| Lenovo ThinkSystem SR630 Firmware | ||
| All of | ||
| Lenovo Flex System FC3171 8Gb SAN Switch | <9.1.13.02.00 | |
| Lenovo Flex System FC3171 8Gb SAN Switch | ||
| All of | ||
| Lenovo Storage N3310 | <4.53.351 | |
| Lenovo Storage N3310 Firmware | ||
| All of | ||
| Lenovo n4610 storage firmware | <4.53.351 | |
| Lenovo n4610 storage firmware | ||
| IBM NextScale Fan Power Controller | <24p-2.15 | |
| Lenovo Chassis Management Module | <1.8.0 | |
| Lenovo ThinkSmart Core & Controller Full Room Kit | <30r-1.13 | |
| Lenovo IMM1 | <1.55 | |
| Lenovo Integrated Management Module 2 | <4.70 | |
| Lenovo XClarity Administrator | <1.4.0 | |
| All of | ||
| Lenovo ThinkServer RD340 | <50.00 | |
| Lenovo ThinkServer RD340 | ||
| All of | ||
| Lenovo ThinkServer RD350 Firmware | <4.53.351 | |
| Lenovo ThinkServer RD350 | ||
| All of | ||
| Lenovo ThinkServer RD440 | <=50.00 | |
| Lenovo ThinkServer RD440 | ||
| All of | ||
| Lenovo ThinkServer RD450 | <4.53.351 | |
| Lenovo ThinkServer RD450 | ||
| All of | ||
| Lenovo ThinkServer RD550 | <4.53.351 | |
| Lenovo ThinkServer RD550 | ||
| All of | ||
| Lenovo ThinkServer RD540 | <50.00 | |
| Lenovo ThinkServer RD540 | ||
| All of | ||
| Lenovo ThinkServer RD640 | <50.00 | |
| Lenovo ThinkServer RD640 | ||
| All of | ||
| Lenovo ThinkServer RD650 | <4.53.351 | |
| Lenovo ThinkServer RD650 | ||
| All of | ||
| Lenovo ThinkServer RQ750 | <1.40 | |
| Lenovo ThinkServer RQ750 | ||
| All of | ||
| Lenovo ThinkServer RS160 Firmware | <2.32 | |
| Lenovo ThinkServer RS160 Firmware | ||
| All of | ||
| Lenovo ThinkServer SD350 | ||
| Lenovo ThinkServer SD350 | ||
| All of | ||
| Lenovo ThinkServer TD340 | <46.00 | |
| Lenovo ThinkServer TD340 Firmware | ||
| All of | ||
| Lenovo ThinkServer TD350 | <4.53.351 | |
| Lenovo ThinkServer TD350 | ||
| All of | ||
| Lenovo ThinkServer TS460 | <2.32 | |
| Lenovo ThinkServer TS460 | ||
| Lenovo ThinkServer RD350G | ||
| Lenovo ThinkServer RD350G Firmware | ||
| Lenovo ThinkServer RD350x | ||
| Lenovo ThinkServer RD350x | ||
| Lenovo ThinkServer RD450X Firmware | ||
| Lenovo ThinkServer RD450X | ||
| Lenovo ThinkSystem HR630X (SKL) Firmware | ||
| Lenovo ThinkSystem HR630X (SKL) Firmware | ||
| Lenovo ThinkSystem HR650X (SKL) Firmware | ||
| Lenovo ThinkSystem HR650X Firmware | ||
| Lenovo ThinkSystem SR630 Firmware | ||
| Lenovo ThinkSystem SR630 Firmware | ||
| Lenovo Flex System FC3171 8Gb SAN Switch | <9.1.13.02.00 | |
| Lenovo Flex System FC3171 8Gb SAN Switch | ||
| Lenovo Storage N3310 | <4.53.351 | |
| Lenovo Storage N3310 Firmware | ||
| Lenovo n4610 storage firmware | <4.53.351 | |
| Lenovo n4610 storage firmware | ||
| Lenovo ThinkServer RD340 | <50.00 | |
| Lenovo ThinkServer RD340 | ||
| Lenovo ThinkServer RD350 Firmware | <4.53.351 | |
| Lenovo ThinkServer RD350 | ||
| Lenovo ThinkServer RD440 | <=50.00 | |
| Lenovo ThinkServer RD440 | ||
| Lenovo ThinkServer RD450 | <4.53.351 | |
| Lenovo ThinkServer RD450 | ||
| Lenovo ThinkServer RD550 | <4.53.351 | |
| Lenovo ThinkServer RD550 | ||
| Lenovo ThinkServer RD540 | <50.00 | |
| Lenovo ThinkServer RD540 | ||
| Lenovo ThinkServer RD640 | <50.00 | |
| Lenovo ThinkServer RD640 | ||
| Lenovo ThinkServer RD650 | <4.53.351 | |
| Lenovo ThinkServer RD650 | ||
| Lenovo ThinkServer RQ750 | <1.40 | |
| Lenovo ThinkServer RQ750 | ||
| Lenovo ThinkServer RS160 Firmware | <2.32 | |
| Lenovo ThinkServer RS160 Firmware | ||
| Lenovo ThinkServer SD350 | ||
| Lenovo ThinkServer SD350 | ||
| Lenovo ThinkServer TD340 | <46.00 | |
| Lenovo ThinkServer TD340 Firmware | ||
| Lenovo ThinkServer TD350 | <4.53.351 | |
| Lenovo ThinkServer TD350 | ||
| Lenovo ThinkServer TS460 | <2.32 | |
| Lenovo ThinkServer TS460 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://support.lenovo.com/us/en/solutions/LEN-18247
- https://access.redhat.com/errata/RHSA-2018:2240
- https://access.redhat.com/errata/RHSA-2018:2308
- https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html
- https://security.gentoo.org/glsa/202005-12
- https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
- https://usn.ubuntu.com/3708-1/
- https://launchpad.net/bugs/cve/CVE-2017-17833
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1572167
- https://dumpco.re/blog/openslp-2.0.0-double-free
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1596450
- https://access.redhat.com/security/cve/CVE-2018-12938
- https://bugzilla.redhat.com/show_bug.cgi?id=1572166
- https://security-tracker.debian.org/tracker/CVE-2017-17833
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17833
- https://nvd.nist.gov/vuln/detail/CVE-2017-17833
- https://ubuntu.com/security/CVE-2017-17833
Frequently Asked Questions
What is the severity of CVE-2017-17833?
CVE-2017-17833 is classified as having a high severity due to its potential to cause remote code execution and denial of service.
How do I fix CVE-2017-17833?
To fix CVE-2017-17833, users should update to the patched versions of OpenSLP as provided by their respective distribution.
Which software is affected by CVE-2017-17833?
CVE-2017-17833 affects OpenSLP versions 1.0.2 and 1.1.0, and various Linux distributions including Debian and Red Hat.
Can CVE-2017-17833 result in data loss?
Yes, CVE-2017-17833 can potentially lead to data loss through remote code execution under certain conditions.
Is there any proof of concept available for CVE-2017-17833?
Yes, there are proof of concept exploits available demonstrating the vulnerability of CVE-2017-17833, highlighting its risks.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-17833
- agent/remedy
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/debian
- vendor/openslp
- canonical/centos openslp server
- version/centos openslp server/1.0.2
- version/centos openslp server/1.1.0
- vendor/debian
- canonical/debian
- version/debian/7.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.6
- version/red hat enterprise linux server/7.5
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- version/red hat enterprise linux workstation/7.0
- vendor/lenovo
- canonical/lenovo thinkserver rd350g
- canonical/lenovo thinkserver rd350g firmware
- canonical/lenovo thinkserver rd350x
- canonical/lenovo thinkserver rd450x firmware
- canonical/lenovo thinkserver rd450x
- canonical/lenovo thinksystem hr630x (skl) firmware
- canonical/lenovo thinksystem hr650x (skl) firmware
- canonical/lenovo thinksystem hr650x firmware
- canonical/lenovo thinksystem sr630 firmware
- canonical/lenovo flex system fc3171 8gb san switch
- canonical/lenovo storage n3310
- canonical/lenovo storage n3310 firmware
- canonical/lenovo n4610 storage firmware
- canonical/ibm nextscale fan power controller
- canonical/lenovo chassis management module
- canonical/lenovo thinksmart core & controller full room kit
- canonical/lenovo imm1
- canonical/lenovo integrated management module 2
- canonical/lenovo xclarity administrator
- canonical/lenovo thinkserver rd340
- canonical/lenovo thinkserver rd350 firmware
- canonical/lenovo thinkserver rd350
- canonical/lenovo thinkserver rd440
- version/lenovo thinkserver rd440/50.00
- canonical/lenovo thinkserver rd450
- canonical/lenovo thinkserver rd550
- canonical/lenovo thinkserver rd540
- canonical/lenovo thinkserver rd640
- canonical/lenovo thinkserver rd650
- canonical/lenovo thinkserver rq750
- canonical/lenovo thinkserver rs160 firmware
- canonical/lenovo thinkserver sd350
- canonical/lenovo thinkserver td340
- canonical/lenovo thinkserver td340 firmware
- canonical/lenovo thinkserver td350
- canonical/lenovo thinkserver ts460