Vulnerability CVE-2016-4912: Information
Description
The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
openslp | sisyphus | 2.0.0-alt2 | 2.0.0-alt4 | ALT-PU-2018-2751-1 | 217162 | Fixed |
openslp | p10 | 2.0.0-alt2 | 2.0.0-alt3 | ALT-PU-2018-2751-1 | 217162 | Fixed |
openslp | p9 | 2.0.0-alt2 | 2.0.0-alt2 | ALT-PU-2018-2751-1 | 217162 | Fixed |
openslp | c10f1 | 2.0.0-alt2 | 2.0.0-alt3 | ALT-PU-2018-2751-1 | 217162 | Fixed |
openslp | c9f2 | 2.0.0-alt2 | 2.0.0-alt3 | ALT-PU-2018-2751-1 | 217162 | Fixed |
openslp | p11 | 2.0.0-alt2 | 2.0.0-alt4 | ALT-PU-2018-2751-1 | 217162 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1329295 | |
1035916 | |
[oss-security] 20160518 Re: CVE Request: null pointer deref in openslp, can be triggered remotely | |
GLSA-201707-05 | |