This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Openslp First view 2005-05-02
Product Openslp Last view 2019-12-06
Version 1.2.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:openslp:openslp

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2019-12-06 CVE-2019-5544

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

7.5 2019-12-02 CVE-2012-4428

openslp: SLPIntersectStringList()' Function has a DoS vulnerability

7.5 2017-10-22 CVE-2015-5177

Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

5 2011-03-11 CVE-2010-3609

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.

7.5 2005-05-02 CVE-2005-0769

Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-787 Out-of-bounds Write
33% (1) CWE-415 Double Free
33% (1) CWE-125 Out-of-bounds Read

Open Source Vulnerability Database (OSVDB)

id Description
71019 VMware ESX Server / ESXi Service Location Protocol Daemon Unspecified DoS
14766 OpenSLP Multiple Unspecified Overflows

OpenVAS Exploits

id Description
2012-08-24 Name : Mandriva Update for openslp MDVSA-2012:141 (openslp)
File : nvt/gb_mandriva_MDVSA_2012_141.nasl
2012-03-16 Name : VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX...
File : nvt/gb_VMSA-2011-0004.nasl
2011-05-10 Name : Ubuntu Update for openslp-dfsg USN-1118-1
File : nvt/gb_ubuntu_USN_1118_1.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200503-25 (OpenSLP)
File : nvt/glsa_200503_25.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158

Nessus® Vulnerability Scanner

id Description
2017-07-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201707-05.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0004_remote.nasl - Type: ACT_GATHER_INFO
2015-11-19 Name: The remote VMware ESXi host is affected by a remote code execution vulnerabil...
File: vmware_esxi_5_5_build_3029944_remote.nasl - Type: ACT_GATHER_INFO
2015-11-19 Name: The remote VMware ESXi host is affected by a remote code execution vulnerabil...
File: vmware_esxi_5_1_build_3021178_remote.nasl - Type: ACT_GATHER_INFO
2015-11-19 Name: The remote VMware ESXi host is affected by a remote code execution vulnerabil...
File: vmware_esxi_5_0_build_3021432_remote.nasl - Type: ACT_GATHER_INFO
2015-10-03 Name: The remote VMware ESXi host is missing a security-related patch.
File: vmware_VMSA-2015-0007.nasl - Type: ACT_GATHER_INFO
2015-09-08 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3353.nasl - Type: ACT_GATHER_INFO
2015-09-04 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2730-1.nasl - Type: ACT_GATHER_INFO
2015-09-04 Name: The remote Debian host is missing a security update.
File: debian_DLA-304.nasl - Type: ACT_GATHER_INFO
2015-05-29 Name: The remote Fedora host is missing a security update.
File: fedora_2015-7561.nasl - Type: ACT_GATHER_INFO
2015-05-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-0922-1.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_openslp-101012.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2013-111.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2012-141.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1118-1.nasl - Type: ACT_GATHER_INFO
2011-05-05 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_openslp-101012.nasl - Type: ACT_GATHER_INFO
2011-05-05 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_openslp-101012.nasl - Type: ACT_GATHER_INFO
2011-03-08 Name: The remote VMware ESXi / ESX host is missing one or more security-related pat...
File: vmware_VMSA-2011-0004.nasl - Type: ACT_GATHER_INFO
2011-01-21 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_openslp-101012.nasl - Type: ACT_GATHER_INFO
2010-12-02 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_openslp-101013.nasl - Type: ACT_GATHER_INFO
2010-11-30 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_openslp-7187.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_33508.nasl - Type: ACT_GATHER_INFO
2005-03-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200503-25.nasl - Type: ACT_GATHER_INFO
2005-03-16 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-055.nasl - Type: ACT_GATHER_INFO