QwikSec

Security Database

CVE

CWE

Training

CVE-2023-29552

Published: Apr 25, 2023

Modified: Oct 21, 2025

PUBLISHED

Description

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://datatracker.ietf.org/doc/html/rfc2608

https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp

https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html

https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks

https://www.suse.com/support/kb/doc/?id=000021051

https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html

https://github.com/curesec/slpload

https://security.netapp.com/advisory/ntap-20230426-0001/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.