CVE-2017-17833

high-risk
Published 2018-04-23

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

Do I need to act?

-
0.84% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Thinkserver Rd350G Firmware
Thinkserver Rd350X Firmware
Thinkserver Rd450X Firmware
Thinksystem Hr630X Firmware
Thinksystem Hr650X Firmware

Affected Vendors

Debian Redhat Openslp Canonical Lenovo

References (14)

Patch http://support.lenovo.com/us/en/solutions/LEN-18247
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2240
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2308
Issue Tracking https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html
https://security.gentoo.org/glsa/202005-12
Patch https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b408...
Third Party Advisory https://usn.ubuntu.com/3708-1/
Patch http://support.lenovo.com/us/en/solutions/LEN-18247
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2240
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2308
Issue Tracking https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html
https://security.gentoo.org/glsa/202005-12
Patch https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b408...
Third Party Advisory https://usn.ubuntu.com/3708-1/
60
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 3/34 · Minimal
Exposure 25/34 · High