vulnerability
VMSA-2021-0002: OpenSLP heap-overflow vulnerability (CVE-2021-21974)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:A/AC:L/Au:N/C:P/I:P/A:P) | Feb 23, 2021 | Feb 24, 2021 | Jun 24, 2026 |
Severity
6
CVSS
(AV:A/AC:L/Au:N/C:P/I:P/A:P)
Published
Feb 23, 2021
Added
Feb 24, 2021
Modified
Jun 24, 2026
Description
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
Solutions
vmware-esxi65-upgrade-17477841vmware-esxi67-upgrade-17499825vmware-esxi700-upgrade-17325551
References
- CVE-2021-21974
- https://attackerkb.com/topics/CVE-2021-21974
- http://packetstormsecurity.com/files/162957/VMware-ESXi-OpenSLP-Heap-Overflow.html
- https://www.vmware.com/security/advisories/VMSA-2021-0002.html
- https://www.zerodayinitiative.com/advisories/ZDI-21-250/
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-9145
- CWE-787
- EUVD-EUVD-2021-9145
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.