CVE-2017-17833

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
openslpopenslp
1.0.2
openslpopenslp
1.1.0
debiandebian_linux
7.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
lenovothinkserver_rd350g_firmware
-
lenovothinkserver_rd350x_firmware
-
lenovothinkserver_rd450x_firmware
-
lenovothinksystem_hr630x_firmware
-
lenovothinksystem_hr650x_firmware
-
lenovothinksystem_sr630_firmware
-
lenovoflex_system_fc3171_8gb_san_switch_firmware
𝑥
< 9.1.13.02.00
lenovostorage_n3310_firmware
𝑥
< 4.53.351
lenovostorage_n4610_firmware
𝑥
< 4.53.351
lenovobm_nextscale_fan_power_controller
𝑥
< 24p-2.15
lenovocmm
𝑥
< 1.8.0
lenovofan_power_controller
𝑥
< 30r-1.13
lenovoimm1
𝑥
< 1.55
lenovoimm2
𝑥
< 4.70
lenovoxclarity_administrator
𝑥
< 1.4.0
lenovothinkserver_rd340_firmware
𝑥
< 50.00
lenovothinkserver_rd350_firmware
𝑥
< 4.53.351
lenovothinkserver_rd440_firmware
𝑥
≤ 50.00
lenovothinkserver_rd450_firmware
𝑥
< 4.53.351
lenovothinkserver_rd550_firmware
𝑥
< 4.53.351
lenovothinkserver_rd540_firmware
𝑥
< 50.00
lenovothinkserver_rd640_firmware
𝑥
< 50.00
lenovothinkserver_rd650_firmware
𝑥
< 4.53.351
lenovothinkserver_rq750_firmware
𝑥
< 1.40
lenovothinkserver_rs160_firmware
𝑥
< 2.32
lenovothinkserver_sd350_firmware
-
lenovothinkserver_td340_firmware
𝑥
< 46.00
lenovothinkserver_td350_firmware
𝑥
< 4.53.351
lenovothinkserver_ts460_firmware
𝑥
< 2.32
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openslp-dfsg
bionic
dne
artful
Fixed 1.2.1-11ubuntu0.17.10.1
released
xenial
Fixed 1.2.1-11ubuntu0.16.04.1
released
trusty
Fixed 1.2.1-9ubuntu0.3
released
Common Weakness Enumeration
References
http://support.lenovo.com/us/en/solutions/LEN-18247
https://access.redhat.com/errata/RHSA-2018:2240
https://access.redhat.com/errata/RHSA-2018:2308
https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html
https://security.gentoo.org/glsa/202005-12
https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
https://usn.ubuntu.com/3708-1/
http://support.lenovo.com/us/en/solutions/LEN-18247
https://access.redhat.com/errata/RHSA-2018:2240
https://access.redhat.com/errata/RHSA-2018:2308
https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html
https://security.gentoo.org/glsa/202005-12
https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
https://usn.ubuntu.com/3708-1/