CVE-2017-17833
CRITICAL
OpenSLP 1.0.2 and 1.1.0 - Remote Code Execution or Denial of Service via Heap Memory Corruption
Title source: llm
Description
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
References (7)
Core References
Third Party Advisory, vendor-advisory, x_refsource_ubuntu
https://usn.ubuntu.com/3708-1/
Patch, Third Party Advisory, x_refsource_confirm
https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
Issue Tracking, Mailing List, Third Party Advisory, mailing-list, x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html
Patch, Third Party Advisory, x_refsource_confirm
http://support.lenovo.com/us/en/solutions/LEN-18247
Third Party Advisory, vendor-advisory, x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2308
Third Party Advisory, vendor-advisory, x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2240
Third Party Advisory, vendor-advisory, x_refsource_gentoo
https://security.gentoo.org/glsa/202005-12
Scores
CVSS v3: 9.8
EPSS: 0.0084
EPSS Percentile: 75.0%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-119
Status: published
Products (44)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
debian/debian_linux 7.0
lenovo/bm_nextscale_fan_power_controller < 24p-2.15
lenovo/cmm < 1.8.0
lenovo/fan_power_controller < 30r-1.13
lenovo/flex_system_fc3171_8gb_san_switch_firmware < 9.1.13.02.00
lenovo/imm1 < 1.55
lenovo/imm2 < 4.70
lenovo/storage_n3310_firmware < 4.53.351
... and 34 more
Published: Apr 23, 2018
Tracked Since: Feb 18, 2026