CVE-2019-5544

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2019/12/10/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/12/11/2	Mailing List Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2019-0022.html	Patch Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4240	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0199	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/	Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/	Release Notes
https://security.gentoo.org/glsa/202005-12	Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/12/10/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/12/11/2	Mailing List Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2019-0022.html	Patch Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4240	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0199	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/	Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/	Release Notes
https://security.gentoo.org/glsa/202005-12	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:horizon_daas::::::::
	cpe:2.3:o:vmware:esxi:6.0:-::::::
	cpe:2.3:o:vmware:esxi:6.0:1::::::
	cpe:2.3:o:vmware:esxi:6.0:1a::::::
	cpe:2.3:o:vmware:esxi:6.0:1b::::::
	cpe:2.3:o:vmware:esxi:6.0:2::::::
	cpe:2.3:o:vmware:esxi:6.0:3::::::
	cpe:2.3:o:vmware:esxi:6.0:3a::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201504401::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201505401::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201507101::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201507102::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201507401::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201507402::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201507403::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201507404::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201507405::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201507406::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201507407::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201509101::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201509102::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201509201::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201509202::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201509203::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201509204::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201509205::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201509206::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201509207::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201509208::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201509209::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201509210::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201510401::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201511401::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201601101::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201601102::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201601401::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201601402::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201601403::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201601404::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201601405::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201602401::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201603101::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201603102::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201603201::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201603202::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201603203::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201603204::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201603205::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201603206::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201603207::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201603208::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201605401::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201608101::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201608401::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201608402::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201608403::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201608404::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201608405::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201610410::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201611401::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201611402::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201611403::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201702101::::::
	cpe:2.3:o:vmware:esxi:6.0:600-201702102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702201::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702202::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702203::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702204::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702205::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702206::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702207::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702208::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702209::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702210::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702211::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702212::::::
cpe:2.3:o:vmware:esxi:6.0:600-201703401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706103::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706402::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706403::::::
cpe:2.3:o:vmware:esxi:6.0:600-201710301::::::
cpe:2.3:o:vmware:esxi:6.0:600-201811001::::::
cpe:2.3:o:vmware:esxi:6.0:600-201811401::::::
cpe:2.3:o:vmware:esxi:6.5:-::::::
cpe:2.3:o:vmware:esxi:6.5:650-201701001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201703001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201703002::::::
cpe:2.3:o:vmware:esxi:6.5:650-201704001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707101::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707102::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707103::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707201::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707202::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707203::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707204::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707205::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707206::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707207::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707208::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707209::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707210::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707211::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707212::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707213::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707214::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707215::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707216::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707217::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707218::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707219::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707220::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707221::::::
cpe:2.3:o:vmware:esxi:6.5:650-201710001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201712001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201803001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201806001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201808001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201810001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201810002::::::
cpe:2.3:o:vmware:esxi:6.5:650-201811001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201811002::::::
cpe:2.3:o:vmware:esxi:6.5:650-201811301::::::
cpe:2.3:o:vmware:esxi:6.5:650-201901001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201903001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201905001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201908001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201910001::::::
cpe:2.3:o:vmware:esxi:6.5:650-20191004001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201911001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201911401::::::
cpe:2.3:o:vmware:esxi:6.5:650-201911402::::::
cpe:2.3:o:vmware:esxi:6.7:-::::::
cpe:2.3:o:vmware:esxi:6.7:670-201806001::::::
cpe:2.3:o:vmware:esxi:6.7:670-201807001::::::
cpe:2.3:o:vmware:esxi:6.7:670-201808001::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810001::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810101::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810102::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810103::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810201::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810202::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810203::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810204::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810205::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810206::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810207::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810208::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810209::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810210::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810211::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810212::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810213::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810214::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810215::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810216::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810217::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810218::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810219::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810220::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810221::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810222::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810223::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810224::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810225::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810226::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810227::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810228::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810229::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810230::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810231::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810232::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810233::::::
cpe:2.3:o:vmware:esxi:6.7:670-201810234::::::
cpe:2.3:o:vmware:esxi:6.7:670-201811001::::::
cpe:2.3:o:vmware:esxi:6.7:670-201901001::::::
cpe:2.3:o:vmware:esxi:6.7:670-201901401::::::
cpe:2.3:o:vmware:esxi:6.7:670-201901402::::::
cpe:2.3:o:vmware:esxi:6.7:670-201901403::::::
cpe:2.3:o:vmware:esxi:6.7:670-201903001::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904001::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904201::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904202::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904203::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904204::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904205::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904206::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904207::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904208::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904209::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904210::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904211::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904212::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904213::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904214::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904215::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904216::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904217::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904218::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904219::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904220::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904221::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904222::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904223::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904224::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904225::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904226::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904227::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904228::::::
cpe:2.3:o:vmware:esxi:6.7:670-201904229::::::
cpe:2.3:o:vmware:esxi:6.7:670-201905001::::::
cpe:2.3:o:vmware:esxi:6.7:670-201906002::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908101::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908102::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908103::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908104::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908201::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908202::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908203::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908204::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908205::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908206::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908207::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908208::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908209::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908210::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908211::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908212::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908213::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908214::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908215::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908216::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908217::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908218::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908219::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908220::::::
cpe:2.3:o:vmware:esxi:6.7:670-201908221::::::
cpe:2.3:o:vmware:esxi:6.7:670-201911001::::::

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 3 (hide)

cpe:2.3:a:openslp:openslp:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:30:::::::*
	cpe:2.3:o:fedoraproject:fedora:31:::::::*

History

No history.

Information

Published : 2019-12-06 16:15

Updated : 2025-02-07 14:59

NVD link : CVE-2019-5544

Mitre link : CVE-2019-5544

CVE.ORG link : CVE-2019-5544

JSON object : View

Products Affected

redhat

enterprise_linux_workstation
enterprise_linux_server_aus
enterprise_linux_desktop
enterprise_linux_for_power_big_endian_eus
enterprise_linux_for_power_little_endian
enterprise_linux_for_power_big_endian
enterprise_linux_server
enterprise_linux_for_power_little_endian_eus
enterprise_linux_for_ibm_z_systems
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_server_eus
enterprise_linux_server_tus

vmware

esxi
horizon_daas

fedoraproject

fedora

openslp

openslp

CWE

CWE-787

Out-of-bounds Write

9.8 /10