CVE-2017-9287

Priority
Medium
Description
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a
double free vulnerability. A user with access to search the directory can
crash slapd by issuing a search including the Paged Results control with a
page size of 0.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream: released (2.4.44+dfsg-5)
Ubuntu 17.10 (Artful Aardvark): not-affected (2.4.44+dfsg-5ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): released (2.4.31-1+nmu2ubuntu8.4)
Ubuntu Touch 15.04: ignored (reached end-of-life)
Ubuntu Core 15.04: needed
Ubuntu 16.04 LTS (Xenial Xerus): released (2.4.42+dfsg-2ubuntu3.2)
Ubuntu 16.10 (Yakkety Yak): released (2.4.42+dfsg-2ubuntu4.1)
Ubuntu 17.04 (Zesty Zapus): released (2.4.44+dfsg-3ubuntu2.1)
Patches:
Upstream: https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
More Information

Updated: 2017-06-15 16:17:19 UTC (commit 12747)