CVE-2010-3609

CVE Database · CVE-2010-3609

CVE-2010-3609

· N/AModified

CVSS v3.1

N/A

EPSS

17.22%

Published

Mar 11, 2011

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

Exploit-DBOpenSLP 1.2.1 / < 1647 trunk - Denial of Service

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.

Affected Products (5)

openslp · openslpvulnerable

vmware · esxvulnerable

vmware · esxivulnerable

References (20)

http://lists.vmware.com/pipermail/security-announce/2011/000126.html

http://secunia.com/advisories/43601

Vendor Advisory

http://secunia.com/advisories/43742

Vendor Advisory

http://securityreason.com/securityalert/8127

http://securitytracker.com/id?1025168