Description
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
References (8)
Core 8
Core References
Broken Link vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98736
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3868
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1852
Broken Link vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038591
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Third Party Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
Exploit, Patch, Vendor Advisory x_refsource_confirm
http://www.openldap.org/its/?findid=8655
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugs.debian.org/863563
Scores
CVSS v3
6.5
EPSS
0.2653
EPSS Percentile
96.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-415
Status
published
Products (16)
debian/debian_linux
8.0
mcafee/policy_auditor
< 6.5.1
openldap/openldap
< 2.4.44
oracle/blockchain_platform
< 21.1.2
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_eus
7.4
redhat/enterprise_linux_eus
7.5
redhat/enterprise_linux_eus
7.6
redhat/enterprise_linux_eus
7.7
redhat/enterprise_linux_server
7.0
... and 6 more
Published
May 29, 2017
Tracked Since
Feb 18, 2026