CVE-2019-5544

Published: 06/12/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A heap-based buffer overflow exists in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause the program to crash or to remotely execute code with the privileges of the slpd service (CVE-2019-5544).

Vulnerable Product

vmware esxi 6.0

vmware esxi 6.5

vmware esxi 6.7

vmware horizon daas

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server eus 7.7

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

openslp openslp 1.2.1

openslp openslp 2.0.0

fedoraproject fedora 30

fedoraproject fedora 31

Vendor Advisories

Synopsis: Critical: openslp security update. Type/Severity: Security Advisory: Critical. Topic: An update for openslp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Critical: openslp security update. Type/Severity: Security Advisory: Critical. Topic: An update for openslp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, wh ...
A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause the program to crash or to remotely execute code wit ...

Github Repositories

Python / scapy module implementing SRVLOC/SLP protocol and scans for enabled OpenSLP services.

Scanner for SLP services (CVE-2019-5544 CVE-2020-3992): Python script that implements SRVLOC/SLP protocol to scan for enabled OpenSLP services. You may find it handy while searching for systems impacted by CVE-2019-5544, CVE-2020-3992 or CVE-2021-21974. More info on the VMware vulnerability you may find for instance here: blog.rapid7.com/2020/11/11/vmware-esxi-openslp

CVE-2020-3992 & CVE-2019-5544

VMware_ESXI_OpenSLP_PoCs: CVE-2020-3992 & CVE-2019-5544. Tested on ESXI installed on VMware Workstation. If on real machine, you may need to change the srvtype field (service:VMwareInfrastructure).