CVE-2017-17740

Priority
Low
Description
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the
nops module and the memberof overlay are enabled, attempts to free a buffer
that was allocated on the stack, which allows remote attackers to cause a
denial of service (slapd crash) via a member MODDN operation.
References
Notes
 ratliff> nops module does not get built
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 17.04 (Zesty Zapus):not-affected
Ubuntu 17.10 (Artful Aardvark):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
More Information

Updated: 2017-12-18 23:14:16 UTC (commit 13919)