openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution

🗓️ 23 Jul 2018 14:51:27Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

OpenSLP heap corruption via use-after-free in ProcessSrvRqst may cause denial of service or exec.

Reporter	Title	Published	Views	Family All 106
IBM Security Bulletins	Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSLP (CVE-2017-17833)	14 Apr 202314:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integrated Management Module (IMM) is affected by vulnerability in OpenSLP (CVE-2017-17833)	14 Apr 202314:32	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in OpenSLP affects PowerKVM	17 Dec 201814:25	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in OpenSLP affects the IBM FlashSystem models V840 and V9000	28 Jun 201916:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru is affected by vulnerability in OpenSLP (CVE-2017-17833)	31 Jan 201902:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSLP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( CVE-2017-17833)	29 Mar 202301:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Chassis Management Module (CMM) is affected by OpenSLP vulnerability (CVE-2017-17833)	31 Jan 201902:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSLP (CVE-2017-17833)	7 Dec 202322:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by OpenSLP vulnerability (CVE-2017-17833)	31 Jan 201902:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in OpenSLP (CVE-2017-17833)	7 Dec 202322:45	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	aarch64	openslp	1:2.0.0-7.el7_5	openslp-1:2.0.0-7.el7_5.aarch64.rpm
Red Hat Enterprise Linux	7	i686	openslp	1:2.0.0-7.el7_5	openslp-1:2.0.0-7.el7_5.i686.rpm
Red Hat Enterprise Linux	7	ppc	openslp	1:2.0.0-7.el7_5	openslp-1:2.0.0-7.el7_5.ppc.rpm
Red Hat Enterprise Linux	7	ppc64	openslp	1:2.0.0-7.el7_5	openslp-1:2.0.0-7.el7_5.ppc64.rpm
Red Hat Enterprise Linux	7	ppc64le	openslp	1:2.0.0-7.el7_5	openslp-1:2.0.0-7.el7_5.ppc64le.rpm
Red Hat Enterprise Linux	7	s390	openslp	1:2.0.0-7.el7_5	openslp-1:2.0.0-7.el7_5.s390.rpm
Red Hat Enterprise Linux	7	s390x	openslp	1:2.0.0-7.el7_5	openslp-1:2.0.0-7.el7_5.s390x.rpm
Red Hat Enterprise Linux	7	x86_64	openslp	1:2.0.0-7.el7_5	openslp-1:2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux	7	aarch64	openslp-debuginfo	1:2.0.0-7.el7_5	openslp-debuginfo-1:2.0.0-7.el7_5.aarch64.rpm
Red Hat Enterprise Linux	7	i686	openslp-debuginfo	1:2.0.0-7.el7_5	openslp-debuginfo-1:2.0.0-7.el7_5.i686.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2017-17833
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
dumpco	www.dumpco.re/blog/openslp-2.0.0-double-free
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-17833
cve	www.cve.org/CVERecord

21 Nov 2025 18:05Current

6.1Medium risk

Vulners AI Score6.1

CVSS 27.5

CVSS 39.8

EPSS0.0389

OpenSLP heap corruption use after free ProcessSrvRqst remote code execution denial of service