First published: Mon May 29 2017(Updated: )
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat OpenLDAP Servers | <=2.4.44 | |
Debian Linux | =8.0 | |
Red Hat Enterprise Linux Desktop | =7.0 | |
Red Hat Enterprise Linux Server EUS | =7.4 | |
Red Hat Enterprise Linux Server EUS | =7.5 | |
Red Hat Enterprise Linux Server EUS | =7.6 | |
Red Hat Enterprise Linux Server EUS | =7.7 | |
Red Hat Enterprise Linux Server | =7.0 | |
Red Hat Enterprise Linux Server | =7.4 | |
Red Hat Enterprise Linux Server | =7.6 | |
Red Hat Enterprise Linux Server | =7.7 | |
Red Hat Enterprise Linux Server | =7.6 | |
Red Hat Enterprise Linux Server | =7.7 | |
Red Hat Enterprise Linux Workstation | =7.0 | |
McAfee Policy Auditor | <6.5.1 | |
Oracle Blockchain Platform | <21.1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-9287 is classified as a moderate severity vulnerability due to the potential for denial of service.
To mitigate CVE-2017-9287, update OpenLDAP to version 2.4.45 or later where the vulnerability is resolved.
CVE-2017-9287 affects OpenLDAP versions up to 2.4.44 and specifically various versions of Debian and Red Hat Enterprise Linux.
CVE-2017-9287 is a double free vulnerability affecting the slapd daemon in OpenLDAP.
An attacker with access to search the directory can exploit CVE-2017-9287 to crash the slapd service.