Multiple vulnerabilities in OpenSLP
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2016-4912 CVE-2016-7567 |
| CWE-ID | CWE-476 CWE-119 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
OpenSLP Server applications / Other server solutions |
| Vendor | openslp.org |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU39364
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-4912
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a large number of crafted packets, which triggers a memory allocation failure.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsOpenSLP: 2.0.0
CPE2.3 External linkshttps://www.openwall.com/lists/oss-security/2016/05/18/6
https://www.securitytracker.com/id/1035916
https://bugzilla.redhat.com/show_bug.cgi?id=1329295
https://security.gentoo.org/glsa/201707-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU39798
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-7567
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.
MitigationInstall update from vendor's website.
Vulnerable software versionsOpenSLP: 2.0.0
CPE2.3 External linkshttps://www.openwall.com/lists/oss-security/2016/09/27/4
https://www.openwall.com/lists/oss-security/2016/09/28/1
https://www.securityfocus.com/bid/93186
https://security.gentoo.org/glsa/201707-05
https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/
https://www.exploit-db.com/exploits/45804/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
