Описание
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
A heap overflow vulnerability was found in OpenSLP. An attacker could use this flaw to gain remote code execution.
Отчет
This issue did not affect the versions of openslp as shipped with Red Hat Enterprise Linux 8 as they did not include the slpd service component.
Меры по смягчению последствий
There is no known mitigation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | openslp | Not affected | ||
| Red Hat Enterprise Linux 9 | openslp | Not affected | ||
| Red Hat Enterprise Linux 6 | openslp | Fixed | RHSA-2020:0199 | 22.01.2020 |
| Red Hat Enterprise Linux 7 | openslp | Fixed | RHSA-2019:4240 | 16.12.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap ove ...
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
EPSS
9.8 Critical
CVSS3