⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-05-03.

CVE-2019-5544

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow13 documents12 sources
Severity
9.8CRITICAL
EPSS
92.5%
top 0.27%
CISA KEV
KEVRansomware
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
16
Vmware Horizon DaasOpenslp OpenslpFedoraproject Fedora+13 more
Timeline
PublishedDec 6
KEV addedNov 3
KEV dueMay 3
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.

Description

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

NVDvmware/horizon_daas8.0.09.0.0.0
CVEListV5esxi_and_horizon_daasESXi 6.7 prior to patch release ESXi670-201912001, ESXi 6.5 prior to patch release ESXi650-201912001, ESXi 6.0 prior to patch release ESXi600-201912001 and Horizon DaaS 8.x prior to BZ-2467224-Disable_SLPD_service_permanently_801_Hotfix.
NVDvmware/esxi6.0, 6.5, 6.7+2
Ubuntuopenslp-dfsg< 1.2.1-11ubuntu0.16.04.2+1
NVDopenslp/openslp2.0.0

Also affects: Fedora 30, 31, Enterprise Linux 6.0, 7.0, 7.7, 6.0_ppc64, 7.0_ppc64, 7.7_ppc64

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

4
GHSA
GHSA-4734-5452-r5fh: OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue2022-05-24
CVEList
CVE-2019-5544: OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue2019-12-06
OSV
CVE-2019-5544: OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue2019-12-06
VulnCheck
VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability2019

💥Exploits & PoCs

1
Nuclei
VMware ESXi SLP - Heap Overflow DoS

📋Vendor Advisories

5
CISA
VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability2021-11-03
Ubuntu
OpenSLP vulnerability2021-04-19
Microsoft
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base scor2019-12-10
Red Hat
openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution2019-12-06
VMware
VMware ESXi and Horizon DaaS updates address OpenSLP remote code execution vulnerability (CVE-2019-5544)2019-12-05

💬Community

2
Bugzilla
CVE-2019-5544 openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution [fedora-all]2019-12-06
Bugzilla
CVE-2019-5544 openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution2019-11-28