9.8

CVE-2017-17833

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

Data provided by the National Vulnerability Database (NVD)
Openslp Openslp, Version 1.0.2
Openslp Openslp, Version 1.1.0
Debian Debian Linux, Version 7.0
Canonical Ubuntu Linux, Version 14.04, SwEdition lts
Canonical Ubuntu Linux, Version 16.04, SwEdition lts
Lenovo Thinksystem Sr630 Firmware, Version -
   Lenovo Thinksystem Sr630, Version -
Lenovo Storage N3310 Firmware, Version < 4.53.351
   Lenovo Storage N3310, Version -
Lenovo Storage N4610 Firmware, Version < 4.53.351
   Lenovo Storage N4610, Version -
Lenovo Cmm, Version < 1.8.0
Lenovo Fan Power Controller, Version < 30r-1.13
Lenovo Imm1, Version < 1.55
Lenovo Imm2, Version < 4.70
Lenovo Xclarity Administrator, Version < 1.4.0
Lenovo Thinkserver Rd340 Firmware, Version < 50.00
   Lenovo Thinkserver Rd340, Version -
Lenovo Thinkserver Rd350 Firmware, Version < 4.53.351
   Lenovo Thinkserver Rd350, Version -
Lenovo Thinkserver Rd440 Firmware, Version <= 50.00
   Lenovo Thinkserver Rd440, Version -
Lenovo Thinkserver Rd450 Firmware, Version < 4.53.351
   Lenovo Thinkserver Rd450, Version -
Lenovo Thinkserver Rd550 Firmware, Version < 4.53.351
   Lenovo Thinkserver Rd550, Version -
Lenovo Thinkserver Rd540 Firmware, Version < 50.00
   Lenovo Thinkserver Rd540, Version -
Lenovo Thinkserver Rd640 Firmware, Version < 50.00
   Lenovo Thinkserver Rd640, Version -
Lenovo Thinkserver Rd650 Firmware, Version < 4.53.351
   Lenovo Thinkserver Rd650, Version -
Lenovo Thinkserver Rq750 Firmware, Version < 1.40
   Lenovo Thinkserver Rq750, Version -
Lenovo Thinkserver Rs160 Firmware, Version < 2.32
   Lenovo Thinkserver Rs160, Version -
Lenovo Thinkserver Sd350 Firmware, Version -
   Lenovo Thinkserver Sd350, Version -
Lenovo Thinkserver Td340 Firmware, Version < 46.00
   Lenovo Thinkserver Td340, Version -
Lenovo Thinkserver Td350 Firmware, Version < 4.53.351
   Lenovo Thinkserver Td350, Version -
Lenovo Thinkserver Ts460 Firmware, Version < 2.32
   Lenovo Thinkserver Ts460, Version -
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 1.15% | 0.778

CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.