9.8
CVE-2019-5544
- EPSS 93.04%
- Published 06.12.2019 16:15:11
- Last modified 07.02.2025 14:59:31
- Source security@vmware.com
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Data provided by the National Vulnerability Database (NVD)
VMware ≫ Horizon Daas Version >= 8.0.0 < 9.0.0.0
Redhat ≫ Enterprise Linux Desktop Version 6.0
Redhat ≫ Enterprise Linux Desktop Version 7.0
Redhat ≫ Enterprise Linux For Ibm Z Systems Version 6.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Version 7.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version 7.7_s390x
Redhat ≫ Enterprise Linux For Power Big Endian Version 6.0_ppc64
Redhat ≫ Enterprise Linux For Power Big Endian Version 7.0_ppc64
Redhat ≫ Enterprise Linux For Power Big Endian Eus Version 7.7_ppc64
Redhat ≫ Enterprise Linux For Power Little Endian Version 7.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version 7.7_ppc64le
Redhat ≫ Enterprise Linux Server Version 6.0
Redhat ≫ Enterprise Linux Server Version 7.0
Redhat ≫ Enterprise Linux Server Aus Version 7.7
Redhat ≫ Enterprise Linux Server Eus Version 7.7
Redhat ≫ Enterprise Linux Server Tus Version 7.7
Redhat ≫ Enterprise Linux Workstation Version 6.0
Redhat ≫ Enterprise Linux Workstation Version 7.0
Fedoraproject ≫ Fedora Version 30
Fedoraproject ≫ Fedora Version 31
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
Description: VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.
Required action: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 93.04% | 0.998 |

Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.