MidnightBSD

Advisories for openslp

CVE-2003-0875 LOW

Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openslp openslp *
CVE-2005-0769 HIGH

Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openslp openslp 1.0.4
openslp openslp 1.0.5
openslp openslp 1.0.3
openslp openslp 1.1.5
openslp openslp 1.0.2
openslp openslp 1.0.7
openslp openslp 1.0.9_a
openslp openslp 1.0.6
openslp openslp 1.0_.0
openslp openslp 1.2.1
openslp openslp 1.0.1
openslp openslp 1.0.11
openslp openslp 1.0.10
openslp openslp 1.2_.0
openslp openslp 1.0.8_a
CVE-2010-3609 MEDIUM

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware esx 4.0
openslp openslp 1.2.1
vmware esx 4.1
vmware esxi 4.1
vmware esxi 4.0
CVE-2015-5177 MEDIUM

Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
debian debian_linux 8.0
openslp openslp 1.2.1
debian debian_linux 7.0
CVE-2016-4912 MEDIUM

The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
openslp openslp 2.0.0
CVE-2016-7567 HIGH

Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openslp openslp 2.0.0
CVE-2017-17833 HIGH

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
lenovo flex_system_fc3171_8gb_san_switch_firmware *
lenovo fan_power_controller *
lenovo thinkserver_rd540_firmware *
canonical ubuntu_linux 14.04
lenovo bm_nextscale_fan_power_controller *
redhat enterprise_linux_desktop 6.0
lenovo thinkserver_rd650_firmware *
lenovo thinkserver_rd640_firmware *
lenovo thinkserver_sd350_firmware -
openslp openslp 1.1.0
lenovo thinkserver_ts460_firmware *
lenovo thinkserver_td350_firmware *
lenovo imm1 *
lenovo thinksystem_hr650x_firmware -
lenovo thinkserver_rd340_firmware *
lenovo storage_n3310_firmware *
lenovo thinkserver_rq750_firmware *
lenovo thinksystem_sr630_firmware -
redhat enterprise_linux_server 6.0
lenovo thinkserver_rd450x_firmware -
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 16.04
lenovo thinkserver_rd350x_firmware -
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_desktop 7.0
debian debian_linux 7.0
openslp openslp 1.0.2
lenovo thinkserver_rd350_firmware *
lenovo xclarity_administrator *
lenovo storage_n4610_firmware *
lenovo cmm *
lenovo thinkserver_rs160_firmware *
lenovo thinkserver_rd450_firmware *
lenovo thinkserver_td340_firmware *
lenovo thinkserver_rd550_firmware *
lenovo thinkserver_rd440_firmware *
lenovo thinkserver_rd350g_firmware -
redhat enterprise_linux_server_eus 7.5
lenovo imm2 *
lenovo thinksystem_hr630x_firmware -
redhat enterprise_linux_server_eus 7.6
CVE-2019-5544 HIGH

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_for_ibm_z_systems_eus 7.7_s390x
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
vmware esxi 6.5
vmware esxi 6.7
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
openslp openslp 2.0.0
redhat enterprise_linux_desktop 6.0
fedoraproject fedora 31
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_for_power_little_endian_eus 7.7_ppc64le
openslp openslp 1.2.1
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
redhat enterprise_linux_server 6.0
vmware esxi 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
openslp openslp *
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_for_ibm_z_systems 6.0_s390x
fedoraproject fedora 30
vmware horizon_daas *
redhat enterprise_linux_for_power_little_endian 7.0_ppc64le