CVE-2017-17740

Published: 18 December 2017

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
openldap Launchpad, Ubuntu, Debian	artful	Not vulnerable
	precise	Not vulnerable
	trusty	Not vulnerable
	upstream	Needs triage
	xenial	Not vulnerable
	zesty	Not vulnerable

Notes

Author	Note
ratliff	nops module does not get built

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740
http://www.openldap.org/its/index.cgi/Incoming?id=8759
NVD
Launchpad
Debian

Bugs

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›