CVE-2017-9287 - log

CVE-2017-9287 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A double-free flaw was found in the way OpenLDAP's slapd server <= 2.4.44 using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query that includes the Paged Results control with a page size of 0.
References
+ http://www.openldap.org/its/?findid=8655
+ https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
Notes