Base Score

CRITICAL9.8

CVE-2017-17833

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

VectorNETWORK

Published Bycve@mitre.org

Published DateApr 23, 2018, 18:29

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://support.lenovo.com/us/en/solutions/LEN-18247
https://access.redhat.com/errata/RHSA-2018:2240
https://access.redhat.com/errata/RHSA-2018:2308
https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html
https://security.gentoo.org/glsa/202005-12
https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
https://usn.ubuntu.com/3708-1/

Base Score

CRITICAL9.8

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH