CVE-2010-3609

medium

VMware

CVSS v3 Base Score

5.0

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Score

35.5%

Exploitation probability in 30 days

Top 3% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

None

Integrity

None

Availability

Published: March 11, 2011 (5543 days ago)

Last Modified: April 29, 2026

Vendor: VMware

Source: NVD

Description

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.

CWE

NVD-CWE-noinfo

Affected Products

openslp openslpvmware esxvmware esxi

References

🔗 lists.vmware.com 🔗 secunia.com 🔗 secunia.com 🔗 securityreason.com 🔗 securitytracker.com

CVE-2010-3609

Vulnerability Report

Description

CWE

Affected Products

References