PublicDateAtUSN: 2015-08-07
Candidate: CVE-2015-5177
PublicDate: 2017-10-22 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5177
 https://ubuntu.com/security/notices/USN-2730-1
Description:
 Double free vulnerability in the SLPDKnownDAAdd function in
 slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a
 denial of service (crash) via a crafted package.
Ubuntu-Description:
Notes:
 sbeattie> fixed sometime between 1.2.1 and 2.0
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795429
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5177
Priority: medium
Discovered-by: Qinghao Tang
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_openslp-dfsg:
 upstream: http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/
upstream_openslp-dfsg: released (2.0)
precise_openslp-dfsg: released (1.2.1-7.8ubuntu1.1)
trusty_openslp-dfsg: released (1.2.1-9ubuntu0.2)
trusty/esm_openslp-dfsg: released (1.2.1-9ubuntu0.2)
vivid_openslp-dfsg: released (1.2.1-10ubuntu0.1)
devel_openslp-dfsg: released (1.2.1-10ubuntu1)