CVE-2017-17740
Published: 18 December 2017
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
Priority
CVSS 3 base score: 7.5
Notes
Author | Note |
---|---|
ratliff | nops module does not get built |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740
- http://www.openldap.org/its/index.cgi/Incoming?id=8759
- NVD
- Launchpad
- Debian