Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3609 — Infinite Loop in Openslp

9 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

35.5%

top 2.94%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Openslp Vmware ESX Vmware Esxi

Timeline

PublishedMar 11

Latest updateMay 14

Description

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDvmware/esxi4.0, 4.1+1

▶NVDvmware/esx4.0, 4.1+1

▶NVDopenslp/openslp1.2.1

🔴Vulnerability Details

GHSA

GHSA-h733-hjhg-3p5j: The extension parser in slp_v2message↗2022-05-14

▶

CVEList

CVE-2010-3609: The extension parser in slp_v2message↗2011-03-11

▶

💥Exploits & PoCs

Exploit-DB

OpenSLP 1.2.1 / < 1647 trunk - Denial of Service↗2011-08-05

▶

📋Vendor Advisories

Red Hat

openslp: Packet with crafted "nextoffset" and "extid" values causes DoS↗2015-09-16

▶

Ubuntu

OpenSLP vulnerability↗2011-04-20

▶

💬Community

Bugzilla

CVE-2010-3609 openslp: denial of service vulnerability [epel-5]↗2011-07-13

▶

Bugzilla

CVE-2010-3609 openslp: denial of service vulnerability [fedora-all]↗2011-07-13

▶

Bugzilla

CVE-2010-3609 openslp: denial of service vulnerability↗2011-03-11

▶