logo
DATABASE RESOURCES PRICING ABOUT US

NewStart CGSL MAIN 4.05 : openslp Vulnerability (NS-SA-2019-0128)

Description

The remote NewStart CGSL host, running version MAIN 4.05, has openslp packages installed that are affected by a vulnerability: - A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution. (CVE-2017-17833) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related