diff --git a/openslp-2.0.0-cve-2017-17833.patch b/openslp-2.0.0-cve-2017-17833.patch
new file mode 100644
index 0000000..eefce40
--- /dev/null
+++ b/openslp-2.0.0-cve-2017-17833.patch
@@ -0,0 +1,19 @@
+diff -up openslp-2.0.0/slpd/slpd_process.c.orig openslp-2.0.0/slpd/slpd_process.c
+--- openslp-2.0.0/slpd/slpd_process.c.orig	2018-05-09 13:08:06.185104375 +0200
++++ openslp-2.0.0/slpd/slpd_process.c	2018-05-09 13:07:21.017095089 +0200
+@@ -462,6 +462,15 @@ static int ProcessSrvRqst(SLPMessage * m
+          message->body.srvrqst.srvtype, 23, SLP_DA_SERVICE_TYPE) == 0)
+    {
+       errorcode = ProcessDASrvRqst(message, sendbuf, errorcode);
++
++      if (result != *sendbuf)
++      {
++         // The pointer stored at *sendbuf can be modified by a realloc
++         // operation in ProcessDASrvRqst().  Fix up the local copy of
++         // that pointer if necessary.
++         result = *sendbuf;
++      }
++
+       if (errorcode == 0)
+       {
+          /* Since we have an errorcode of 0, we were successful,
diff --git a/openslp.spec b/openslp.spec
index bb0cde9..0e51e0d 100644
--- a/openslp.spec
+++ b/openslp.spec
@@ -2,7 +2,7 @@
 Summary: Open implementation of Service Location Protocol V2
 Name:    openslp
 Version: 2.0.0
-Release: 17%{?dist}
+Release: 18%{?dist}
 
 License: BSD
 URL:     http://sourceforge.net/projects/openslp/
@@ -26,6 +26,10 @@ Patch4:  openslp-2.0.0-openssl-1.1-fix.patch
 # Patch5: fixes possible overflow in SLPFoldWhiteSpace,
 #   backported from upstream, CVE-2016-7567
 Patch5:  openslp-2.0.0-cve-2016-7567.patch
+# Patch6: fixes heap memory corruption in slpd/slpd_process.c, which allows
+#   denial of service or potentially code execution,
+#   backported form upstream, CVE-2017-17833
+Patch6:  openslp-2.0.0-cve-2017-17833.patch
 
 BuildRequires: automake libtool
 BuildRequires: bison
@@ -67,6 +71,7 @@ OpenSLP server daemon to dynamically register services.
 %patch3 -p1 -b .null-pointer-deref
 %patch4 -p1 -b .openssl-1.1-fix
 %patch5 -p1 -b .cve-2016-7567
+%patch6 -p1 -b .cve-2017-17833
 
 # tarball goof (?), it wants to re-automake anyway, so let's do it right.
 #libtoolize --force
@@ -170,6 +175,10 @@ rm -f  $RPM_BUILD_ROOT%{_libdir}/lib*.la
 
 
 %changelog
+* Wed May 09 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.0.0-18
+- Fix heap memory corruption, CVE-2017-17833
+  Related: #1572166
+
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-17
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild