CVE-2010-3609

2011-03-1117:55:02

certcc

web.nvd.nist.gov

openslp

cve-2010-3609

denial of service

slpd

vmware esx

esxi

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.2

Confidence

High

EPSS

0.371

Percentile

97.2%

JSON

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a “next extension offset” that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

openslpopenslpMatch1.2.1

vmwareesxMatch4.0

vmwareesxMatch4.1

vmwareesxiMatch4.0

vmwareesxiMatch4.1

VendorProductVersionCPE
openslpopenslp1.2.1cpe:2.3:a:openslp:openslp:1.2.1:*:*:*:*:*:*:*
vmwareesx4.0cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*
vmwareesx4.1cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*
vmwareesxi4.0cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*
vmwareesxi4.1cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openslp	openslp	1.2.1	cpe:2.3:a:openslp:openslp:1.2.1:::::::*
vmware	esx	4.0	cpe:2.3:a:vmware:esx:4.0:::::::*
vmware	esx	4.1	cpe:2.3:a:vmware:esx:4.1:::::::*
vmware	esxi	4.0	cpe:2.3:a:vmware:esxi:4.0:::::::*
vmware	esxi	4.1	cpe:2.3:a:vmware:esxi:4.1:::::::*