Endpoint Vulnerability

CVE-2019-5544openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution

Description

A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause the program to crash or to remotely execute code with the privileges of the slpd service.

Affected Products

openslp

References

CVE-2019-5544,