oss-sec mailing list archives
Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability
From: VMware Security Response Center <security () vmware com>
Date: Wed, 11 Dec 2019 00:10:31 +0000
> On 12/10/19, 2:25 AM, "Riccardo Schirone" <rschiron () redhat com> wrote:
> On 12/06, VMware Security Response Center wrote:
> > openslp has a heap overflow vulnerability that when exploited may result
> > in memory corruption and a crash of slpd or in remote code execution.
> >
> > CVE-2019-5544 has been assigned to this issue.
> >
> > Below you may find:
> > - a copy of the affected code with comments indicating the problem.
> > - patches for openslp versions 1.2.1 and 2.0.0
> Are those fixes committed anywhere? I could not find them on GitHub.
The patches have been provided to the maintainer of openslp. These are the
same patches as mentioned in our initial post at
https://www.openwall.com/lists/oss-security/2019/12/06/1.
The openslp github repository has not yet been updated, see
https://github.com/openslp-org/openslp.
>>
>> VMware would like to thank the 360Vulcan team working with the 2019
>> Tianfu Cup Pwn Contest for reporting this issue to us.
>>
>> VMware Security Response Center
>>
>>
> Thanks,
> --
> Riccardo Schirone
> Red Hat -- Product Security
> Email: rschiron () redhat com
> PGP-Key ID: CF96E110
Thanks,
VMware Security Response Center
