vulnerability

Oracle Linux: CVE-2019-5544: ELSA-2019-4240: openslp security update (CRITICAL) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Dec 6, 2019	Jan 24, 2020	Dec 3, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Dec 6, 2019

Added

Jan 24, 2020

Modified

Dec 3, 2025

Description

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
A heap overflow vulnerability was found in OpenSLP. An attacker could use this flaw to gain remote code execution.

Solutions

oracle-linux-upgrade-openslporacle-linux-upgrade-openslp-develoracle-linux-upgrade-openslp-server

References

CVE-2019-5544
https://attackerkb.com/topics/CVE-2019-5544
ELSA-ELSA-2019-4240
ELSA-ELSA-2020-0199
CWE-787

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today