CVE-2017-17833

Name: CVE-2017-17833
Creator: NVD / NIST
Published: 2018-04-23T18:29:00.663+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.89%

Last modified Jun 17, 2026

CVE-2017-17833 is a vulnerability of currently unknown severity. OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.. EPSS estimates a 3.89% chance of exploitation in the next 30 days.

Description

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

Metrics

EPSS Probability

3.89%

88.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Openslp	Openslp	1.0.2
Openslp	Openslp	1.1.0
Debian	Debian Linux	7.0
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	16.04
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.6
Redhat	Enterprise Linux Server Eus	7.5
Redhat	Enterprise Linux Server Eus	7.6
Redhat	Enterprise Linux Server Tus	7.6
Redhat	Enterprise Linux Workstation	6.0
Redhat	Enterprise Linux Workstation	7.0
Lenovo	Thinkserver Rd350g Firmware	All versions
Lenovo	Thinkserver Rd350x Firmware	All versions
Lenovo	Thinkserver Rd450x Firmware	All versions
Lenovo	Thinksystem Hr630x Firmware	All versions
Lenovo	Thinksystem Hr650x Firmware	All versions
Lenovo	Thinksystem Sr630 Firmware	All versions
Lenovo	Flex System Fc3171 8gb San Switch Firmware	< 9.1.13.02.00
Lenovo	Storage N3310 Firmware	< 4.53.351
Lenovo	Storage N4610 Firmware	< 4.53.351
Lenovo	Bm Nextscale Fan Power Controller	< 24p-2.15
Lenovo	Cmm	< 1.8.0
Lenovo	Fan Power Controller	< 30r-1.13
Lenovo	Imm1	< 1.55
Lenovo	Imm2	< 4.70
Lenovo	Xclarity Administrator	< 1.4.0
Lenovo	Thinkserver Rd340 Firmware	< 50.00
Lenovo	Thinkserver Rd350 Firmware	< 4.53.351
Lenovo	Thinkserver Rd440 Firmware	<= 50.00
Lenovo	Thinkserver Rd450 Firmware	< 4.53.351
Lenovo	Thinkserver Rd550 Firmware	< 4.53.351
Lenovo	Thinkserver Rd540 Firmware	< 50.00
Lenovo	Thinkserver Rd640 Firmware	< 50.00
Lenovo	Thinkserver Rd650 Firmware	< 4.53.351
Lenovo	Thinkserver Rq750 Firmware	< 1.40
Lenovo	Thinkserver Rs160 Firmware	< 2.32
Lenovo	Thinkserver Sd350 Firmware	All versions
Lenovo	Thinkserver Td340 Firmware	< 46.00
Lenovo	Thinkserver Td350 Firmware	< 4.53.351
Lenovo	Thinkserver Ts460 Firmware	< 2.32

References

http://support.lenovo.com/us/en/solutions/LEN-18247Patch, Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2240Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2308Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/04/msg00029.htmlIssue Tracking, Mailing List, Third Party Advisory
https://security.gentoo.org/glsa/202005-12
https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/Patch, Third Party Advisory
https://usn.ubuntu.com/3708-1/Third Party Advisory
http://support.lenovo.com/us/en/solutions/LEN-18247Patch, Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2240Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2308Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/04/msg00029.htmlIssue Tracking, Mailing List, Third Party Advisory
https://security.gentoo.org/glsa/202005-12
https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/Patch, Third Party Advisory
https://usn.ubuntu.com/3708-1/Third Party Advisory

Timeline

Published: Apr 23, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-17833?

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

How severe is CVE-2017-17833?

Severity scoring for CVE-2017-17833 is pending analysis. The EPSS model estimates a 3.89% probability of exploitation in the next 30 days.

How do I fix CVE-2017-17833?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-17833?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST