CVE-2010-3609

Severity: Unknown | EPSS: 17.22%

CVE-2010-3609 is a vulnerability of currently unknown severity. The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information. EPSS estimates a 17.22% chance of exploitation in the next 30 days.

Description

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
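The loop condition described above can be closed off by requiring every "next extension offset" to move forward. The following is an added example, not OpenSLP's code or its actual fix: the function name `walk_extensions` and the sample buffers are hypothetical, and the layout assumed is the RFC 2608 one (2-byte extension ID, 3-byte next-extension offset, offsets counted from the start of the message, 0 ending the chain).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_HDR_LEN 5u /* 2-byte extension ID + 3-byte next-extension offset */

/* Read a 24-bit big-endian value. */
static uint32_t get_u24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/*
 * Walk the extension chain of one message (hypothetical helper).
 * Returns the number of extensions visited, or -1 if the chain is malformed.
 */
int walk_extensions(const uint8_t *msg, size_t len, uint32_t first_off)
{
    uint32_t off = first_off;
    int count = 0;

    while (off != 0) {
        /* The 5-byte extension header must lie inside the message. */
        if (len < EXT_HDR_LEN || off > len - EXT_HDR_LEN)
            return -1;
        uint32_t next = get_u24(msg + off + 2);
        /* A next offset that points at this extension or an earlier one is
         * the condition in CVE-2010-3609: without this check the loop never
         * ends. Requiring forward progress bounds the walk by len. */
        if (next != 0 && next < off + EXT_HDR_LEN)
            return -1;
        count++;
        off = next;
    }
    return count;
}

int main(void)
{
    /* Constructed buffers: 16 zero bytes stand in for the header and body,
     * followed by extensions at offsets 16 and 21. */
    uint8_t good[26] = {0}, self[26] = {0}, back[26] = {0};
    good[16 + 4] = 21;                    /* 16 -> 21 -> end */
    self[16 + 4] = 16;                    /* 16 -> 16 (self-reference) */
    back[16 + 4] = 21; back[21 + 4] = 16; /* 16 -> 21 -> 16 (backward) */
    printf("%d %d %d\n", walk_extensions(good, 26, 16),
           walk_extensions(self, 26, 16), walk_extensions(back, 26, 16));
    return 0;
}
```

Because each accepted offset is at least 5 bytes past the previous one, the walk visits at most `len / 5` extensions before it ends or is rejected.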

Metrics

EPSS Probability
17.22%

96.7th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor    Product    Versions
Openslp   Openslp    1.2.1
Vmware    Esx        4.0
Vmware    Esx        4.1
Vmware    Esxi       4.0
Vmware    Esxi       4.1

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2010-3609?
The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
How severe is CVE-2010-3609?
Severity scoring for CVE-2010-3609 is pending analysis. The EPSS model estimates a 17.22% probability of exploitation in the next 30 days.
How do I fix CVE-2010-3609?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST