oss-sec mailing list archives
Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability
From: VMware Security Response Center <security () vmware com>
Date: Wed, 11 Dec 2019 00:10:31 +0000
On 12/10/19, 2:25 AM, "Riccardo Schirone" <rschiron () redhat com> wrote:

> On 12/06, VMware Security Response Center wrote:
>> openslp has a heap overflow vulnerability that when exploited may result
>> in memory corruption and a crash of slpd or in remote code execution.
>>
>> CVE-2019-5544 has been assigned to this issue.
>>
>> Below you may find:
>> - a copy of the affected code with comments indicating the problem.
>> - patches for openslp versions 1.2.1 and 2.0.0
>
> Are those fixes committed anywhere? I could not find them on GitHub.

The patches have been provided to the maintainer of openslp. These are the same patches as mentioned in our initial post at https://www.openwall.com/lists/oss-security/2019/12/06/1.
The openslp github repository has not yet been updated, see https://github.com/openslp-org/openslp.

>> VMware would like to thank the 360Vulcan team working with the 2019
>> Tianfu Cup Pwn Contest for reporting this issue to us.
>>
>> VMware Security Response Center
>
> Thanks,
> --
> Riccardo Schirone
> Red Hat -- Product Security
> Email: rschiron () redhat com
> PGP-Key ID: CF96E110

Thanks,
VMware Security Response Center