CVE-2015-5177

Name of the Vulnerable Software and Affected Versions OpenSLP version 1.2.1 VMware ESXi (affected versions not specified)

Description The issue is related to a double free vulnerability in the SLPDKnownDAAdd function and a double free flaw in OpenSLP's SLPDProcessMessage() function. This could allow remote attackers to cause a denial of service (crash) or potentially execute code remotely on the ESXi host.

Recommendations For OpenSLP version 1.2.1, consider disabling the SLPDKnownDAAdd function as a temporary workaround until a patch is available. For VMware ESXi, restrict access to the SLPDProcessMessage() function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.