suse · CVE-2017-12173

Quick triage

Priority: low Published: 2021-05-30 13:59:38 UTC Updated: 2026-04-17 16:02:05 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-12173 severity low: SUSE including 399 source package names (libipa_hbac-1.15.2-50.el7_4.8, libipa_hbac-devel, …), 866 product×package rows across 62 product lines (SLES for SAP Applications 11 SP3, SUSE CaaS Platform 4.0, … (62 product lines)): Fixed 503, Known Not Affected 363.

Description:

It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.

cvelogic Threat Intelligence