659558 – (CVE-2018-12938) net-libs/openslp: Denial of Service and Remote Code Execution vulnerability (CVE-2018-12938)

Bug 659558 (CVE-2018-12938) - net-libs/openslp: Denial of Service and Remote Code Execution vulnerability (CVE-2018-12938)

Summary: net-libs/openslp: Denial of Service and Remote Code Execution vulnerability (...

Status:	RESOLVED DUPLICATE of bug 662878

Alias:	CVE-2018-12938

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://dumpco.re/blog/openslp-2.0.0-...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-06-29 03:03 UTC by Florian Schuhmacher
Modified:	2019-04-27 00:05 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Schuhmacher 2018-06-29 03:03:35 UTC

slpd_process.c in OpenSLP 2.0.0 has a double free resulting in denial of service (daemon crash) or possibly unauthenticated remote code execution. 

Gentoo Security Scout
Florian Schuhmacher

Comment 1 Yury German Gentoo Infrastructure

2019-04-27 00:05:38 UTC

CVE was issued for the same bug twice / pleas use CVE-2017-17833

*** This bug has been marked as a duplicate of bug 662878 ***