Oracle Linux: CVE-2017-17833: ELSA-2018-2240: openslp security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:A/AC:H/Au:N/C:C/I:C/A:C) | Apr 19, 2018 | Aug 1, 2018 | Dec 5, 2024 |
Description
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution.
Solution(s)
- oracle-linux-upgrade-openslp
- oracle-linux-upgrade-openslp-devel
- oracle-linux-upgrade-openslp-server