CVE-2019-5544
| CVE Published | 2019-12-06 |
|---|---|
| Related CWE(s) | CWE-787: Out-of-bounds Write |
| Related Vendor(s) | fedoraproject, openslp, vmware, redhat |
| Related Product(s) | enterprise_linux_server_eus, enterprise_linux_server_aus, enterprise_linux_for_ibm_z_systems, enterprise_linux_workstation, enterprise_linux_for_power_big_endian, enterprise_linux_for_power_big_endian_eus, openslp, horizon_daas, enterprise_linux_for_power_little_endian, fedora, enterprise_linux_server, esxi, enterprise_linux_desktop, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian_eus, enterprise_linux_server_tus |
| Exploitation Reported (CISA KEV) | 2021-11-03 |
| CVSS 3 Base Score | 9.8 (CRITICAL) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph