PT-2015-6792 · Openslp+3 · Openslp+3

Qinghao Tang

Published

2015-08-07

Updated

2018-11-28

CVE-2015-5177

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenSLP version 1.2.1 VMware ESXi (affected versions not specified)

Description The issue is related to a double free vulnerability in the SLPDKnownDAAdd function and a double free flaw in OpenSLP's SLPDProcessMessage() function. This could allow remote attackers to cause a denial of service (crash) or potentially execute code remotely on the ESXi host.

Recommendations For OpenSLP version 1.2.1, consider disabling the SLPDKnownDAAdd function as a temporary workaround until a patch is available. For VMware ESXi, restrict access to the SLPDProcessMessage() function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALT-PU-2018-2713

CVE-2015-5177

DLA-304-1

DSA-3353-1

USN-2730-1

Affected Products

Alt Linux

Openslp

Ubuntu

Vmware Esxi

PT-2015-6792 · Openslp+3 · Openslp+3

CVE-2015-5177

Weakness Enumeration

Related Identifiers

Affected Products

References · 25