A heap-based buffer overflow exists in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause the program to crash or to remotely execute code with the privileges of the slpd service.(CVE-2019-5544)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware esxi 6.0 |
||
vmware esxi 6.5 |
||
vmware esxi 6.7 |
||
vmware horizon daas |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux server eus 7.7 |
||
redhat enterprise linux server aus 7.7 |
||
redhat enterprise linux server tus 7.7 |
||
openslp openslp 1.2.1 |
||
openslp openslp 2.0.0 |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |