CVE-2017-17833

Impact: Important
Public Date: 2018-04-19
CWE: CWE-416
Bugzilla: 1572166: CVE-2017-17833 openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution

A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution.

Find out more about CVE-2017-17833 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 7.5
CVSS3 Base Metrics: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity Impact: High
Availability Impact: High

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 6 (openslp) | RHSA-2018:2308 | 2018-07-31
Red Hat Enterprise Linux 7 (openslp) | RHSA-2018:2240 | 2018-07-23

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 8 | openslp | Not affected
