CVE-2019-5544

CVE Database · CVE-2019-5544

CVE-2019-5544

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

96.82%

Published

Dec 6, 2019

Modified

Oct 30, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (3)

All weaponized →

TrickestTrickest PoC index GitHub PoCdgh05t/VMware_ESXI_OpenSLP_PoCs★67 GitHub PoCHynekPetrak/CVE-2019-5544_CVE-2020-3992★49

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (260)

vmware · horizon_daas (up to 9.0.0.0)vulnerable

vmware · esxivulnerable

References (17)

http://www.openwall.com/lists/oss-security/2019/12/10/2

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/12/11/2

Mailing ListThird Party Advisory

http://www.vmware.com/security/advisories/VMSA-2019-0022.html

PatchVendor Advisory

https://access.redhat.com/errata/RHSA-2019:4240

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0199

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/

KEV Catalog EPSS Scores Vendors All CVEs