MiracleLinux 4 : openslp-2.0.0-3.AXS4 (AXSA:2018-3270:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-3270:01 advisory. openslp: Heap memory corruption in slpd/slpdprocess.c allows denial of service or potentially code execution CVE-2017-17833 Tenable has extracted the precedi...

CVE-2024-41660

slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon o...

EUVD-2003-0865

Malware in sbrugna...

EUVD-2003-0868

Malware in sbrugna...

EUVD-2024-39116

Malicious code in bioql PyPI...

CVE-2024-41660

slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon o...

CVE-2024-41660

CVE-2024-41660 affects OpenBMC slpd-lite, a unicast SLP UDP server. The root cause is a buffer overflow due to improper bounds checking in the slpd-lite daemon, allowing a remote attacker to overflow memory by sending crafted UDP packets to port 427 on the BMC. Documented impacts include memory c...

CVE-2024-41660 slpd-lite unauthenticated memory corruption

slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon o...

CVE-2024-41660 slpd-lite unauthenticated memory corruption

slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon o...

CVE-2024-41660 slpd-lite unauthenticated memory corruption

slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon o...

PT-2024-5773 · Openbmc · Openbmc

Name of the Vulnerable Software and Affected Versions: OpenBMC versions affected versions not specified Description: The issue is related to a memory overflow problem in the slpd-lite daemon, which is a unicast SLP UDP server. This can be exploited by sending specially crafted SLP packets to the...

SUSE CVE-2015-5177

Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpdknownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service crash via a crafted package...

Updated openslp packages fix security vulnerability

A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause...

openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution

A heap overflow vulnerability was found in OpenSLP. An attacker could use this flaw to gain remote code execution...

openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution

A heap overflow vulnerability was found in OpenSLP. An attacker could use this flaw to gain remote code execution...

openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution

A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution...

OpenSLP 2.0.0 - Double-Free

''' | | | | | | | || | | | | -| | . | . | | . | . | | | . | | -| | | | -| -| ||| || ||||||| || || ||| || 2018-06-28 SLPD DOUBLE FREE ================ CVE-2018-12938 An issue was found in openslp-2.0.0 that can be used to induce a double free bug or memory corruption by corrupting glibc's...

openslp 2.0.0 Double Free

Reference: https://dumpco.re/blog/openslp-2.0.0-double-free 2018-06-28 SLPD DOUBLE FREE ================ An issue was found in openslp-2.0.0 that can be used to induce a double free bug or memory corruption by corrupting glibc's doubly-linked memory chunk list. On line 409 of slpdprocess.c, the...

OpenSLP 'SLPDProcessMessage()' Function Denial of Service Vulnerability

OpenSLP Service Location Protocol is an IETF standard protocol developed by the OpenSLP project for dynamic service discovery within the Internet. The protocol supports looking up services in the network by their types and attributes. A denial of service vulnerability exists in OpenSLP. An attack...

Debian DLA-304-1 : openslp-dfsg security update

Several issues have been found and solved in OpenSLP, that implements the Internet Engineering Task Force IETF Service Location Protocol standards protocol. CVE-2010-3609 Remote attackers could cause a Denial of Service in the Service Location Protocol daemon SLPD via a crafted packet with a 'nex...