Back to search
CVE-2019-5544
Published: Dec 6, 2019
Modified: Oct 21, 2025
PUBLISHED
Description
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
| Vendor | Product | Versions |
|---|---|---|
n/a | ESXi and Horizon DaaS | affected ESXi 6.7 prior to patch release ESXi670-201912001, ESXi 6.5 prior to patch release ESXi650-201912001, ESXi 6.0 prior to patch release ESXi600-201912001 and Horizon DaaS 8.x prior to BZ-2467224-Disable_SLPD_service_permanently_801_Hotfix. |
References
http://www.vmware.com/security/advisories/VMSA-2019-0022.html
x_refsource_CONFIRM
[oss-security] 20191210 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability
mailing-list
x_refsource_MLIST
[oss-security] 20191211 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability
mailing-list
x_refsource_MLIST
RHSA-2019:4240
vendor-advisory
x_refsource_REDHAT
FEDORA-2019-1e5ae33e87
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-86bceb61b3
vendor-advisory
x_refsource_FEDORA
RHSA-2020:0199
vendor-advisory
x_refsource_REDHAT
GLSA-202005-12
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now