CVE-2019-5544 vulnerability in Openslp and Other Products
Published on December 6, 2019

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Vendor Advisory NVD

Known Exploited Vulnerability

This VMware ESXi/Horizon DaaS Appliances Heap-Overwrite Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. OpenSLP as used in ESXi and the Horizon DaaS appliances have a heap overwrite issue. A malicious actor with network access to port 427 on an ESXi host or on any Horizon DaaS management appliance may be able to overwrite the heap of the OpenSLP service resulting in remote code execution.

The following remediation steps are recommended / required by May 3, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2019-5544 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2019-5544 has been classified to as a Memory Corruption vulnerability or weakness.

Products Associated with CVE-2019-5544

You can be notified by stack.watch whenever vulnerabilities like CVE-2019-5544 are published in these products:

What versions are vulnerable to CVE-2019-5544?

VMware Horizon Daas Version 8.0.0 Fixed in Version 9.0.0.0
VMware Esxi Version 6.0 -
VMware Esxi Version 6.0 1
VMware Esxi Version 6.0 1a
VMware Esxi Version 6.0 1b
VMware Esxi Version 6.0 2
VMware Esxi Version 6.0 3
VMware Esxi Version 6.0 3a
VMware Esxi Version 6.0 600-201504401
VMware Esxi Version 6.0 600-201505401
VMware Esxi Version 6.0 600-201507101
VMware Esxi Version 6.0 600-201507102
VMware Esxi Version 6.0 600-201507401
VMware Esxi Version 6.0 600-201507402
VMware Esxi Version 6.0 600-201507403
VMware Esxi Version 6.0 600-201507404
VMware Esxi Version 6.0 600-201507405
VMware Esxi Version 6.0 600-201507406
VMware Esxi Version 6.0 600-201507407
VMware Esxi Version 6.0 600-201509101
VMware Esxi Version 6.0 600-201509102
VMware Esxi Version 6.0 600-201509201
VMware Esxi Version 6.0 600-201509202
VMware Esxi Version 6.0 600-201509203
VMware Esxi Version 6.0 600-201509204
VMware Esxi Version 6.0 600-201509205
VMware Esxi Version 6.0 600-201509206
VMware Esxi Version 6.0 600-201509207
VMware Esxi Version 6.0 600-201509208
VMware Esxi Version 6.0 600-201509209
VMware Esxi Version 6.0 600-201509210
VMware Esxi Version 6.0 600-201510401
VMware Esxi Version 6.0 600-201511401
VMware Esxi Version 6.0 600-201601101
VMware Esxi Version 6.0 600-201601102
VMware Esxi Version 6.0 600-201601401
VMware Esxi Version 6.0 600-201601402
VMware Esxi Version 6.0 600-201601403
VMware Esxi Version 6.0 600-201601404
VMware Esxi Version 6.0 600-201601405
VMware Esxi Version 6.0 600-201602401
VMware Esxi Version 6.0 600-201603101
VMware Esxi Version 6.0 600-201603102
VMware Esxi Version 6.0 600-201603201
VMware Esxi Version 6.0 600-201603202
VMware Esxi Version 6.0 600-201603203
VMware Esxi Version 6.0 600-201603204
VMware Esxi Version 6.0 600-201603205
VMware Esxi Version 6.0 600-201603206
VMware Esxi Version 6.0 600-201603207
VMware Esxi Version 6.0 600-201603208
VMware Esxi Version 6.0 600-201605401
VMware Esxi Version 6.0 600-201608101
VMware Esxi Version 6.0 600-201608401
VMware Esxi Version 6.0 600-201608402
VMware Esxi Version 6.0 600-201608403
VMware Esxi Version 6.0 600-201608404
VMware Esxi Version 6.0 600-201608405
VMware Esxi Version 6.0 600-201610410
VMware Esxi Version 6.0 600-201611401
VMware Esxi Version 6.0 600-201611402
VMware Esxi Version 6.0 600-201611403
VMware Esxi Version 6.0 600-201702101
VMware Esxi Version 6.0 600-201702102
VMware Esxi Version 6.0 600-201702201
VMware Esxi Version 6.0 600-201702202
VMware Esxi Version 6.0 600-201702203
VMware Esxi Version 6.0 600-201702204
VMware Esxi Version 6.0 600-201702205
VMware Esxi Version 6.0 600-201702206
VMware Esxi Version 6.0 600-201702207
VMware Esxi Version 6.0 600-201702208
VMware Esxi Version 6.0 600-201702209
VMware Esxi Version 6.0 600-201702210
VMware Esxi Version 6.0 600-201702211
VMware Esxi Version 6.0 600-201702212
VMware Esxi Version 6.0 600-201703401
VMware Esxi Version 6.0 600-201706101
VMware Esxi Version 6.0 600-201706102
VMware Esxi Version 6.0 600-201706103
VMware Esxi Version 6.0 600-201706401
VMware Esxi Version 6.0 600-201706402
VMware Esxi Version 6.0 600-201706403
VMware Esxi Version 6.0 600-201710301
VMware Esxi Version 6.0 600-201811001
VMware Esxi Version 6.0 600-201811401
VMware Esxi Version 6.5 -
VMware Esxi Version 6.5 650-201701001
VMware Esxi Version 6.5 650-201703001
VMware Esxi Version 6.5 650-201703002
VMware Esxi Version 6.5 650-201704001
VMware Esxi Version 6.5 650-201707101
VMware Esxi Version 6.5 650-201707102
VMware Esxi Version 6.5 650-201707103
VMware Esxi Version 6.5 650-201707201
VMware Esxi Version 6.5 650-201707202
VMware Esxi Version 6.5 650-201707203
VMware Esxi Version 6.5 650-201707204
VMware Esxi Version 6.5 650-201707205
VMware Esxi Version 6.5 650-201707206
VMware Esxi Version 6.5 650-201707207
VMware Esxi Version 6.5 650-201707208
VMware Esxi Version 6.5 650-201707209
VMware Esxi Version 6.5 650-201707210
VMware Esxi Version 6.5 650-201707211
VMware Esxi Version 6.5 650-201707212
VMware Esxi Version 6.5 650-201707213
VMware Esxi Version 6.5 650-201707214
VMware Esxi Version 6.5 650-201707215
VMware Esxi Version 6.5 650-201707216
VMware Esxi Version 6.5 650-201707217
VMware Esxi Version 6.5 650-201707218
VMware Esxi Version 6.5 650-201707219
VMware Esxi Version 6.5 650-201707220
VMware Esxi Version 6.5 650-201707221
VMware Esxi Version 6.5 650-201710001
VMware Esxi Version 6.5 650-201712001
VMware Esxi Version 6.5 650-201803001
VMware Esxi Version 6.5 650-201806001
VMware Esxi Version 6.5 650-201808001
VMware Esxi Version 6.5 650-201810001
VMware Esxi Version 6.5 650-201810002
VMware Esxi Version 6.5 650-201811001
VMware Esxi Version 6.5 650-201811002
VMware Esxi Version 6.5 650-201811301
VMware Esxi Version 6.5 650-201901001
VMware Esxi Version 6.5 650-201903001
VMware Esxi Version 6.5 650-201905001
VMware Esxi Version 6.5 650-201908001
VMware Esxi Version 6.5 650-201910001
VMware Esxi Version 6.5 650-20191004001
VMware Esxi Version 6.5 650-201911001
VMware Esxi Version 6.5 650-201911401
VMware Esxi Version 6.5 650-201911402
VMware Esxi Version 6.7 -
VMware Esxi Version 6.7 670-201806001
VMware Esxi Version 6.7 670-201807001
VMware Esxi Version 6.7 670-201808001
VMware Esxi Version 6.7 670-201810001
VMware Esxi Version 6.7 670-201810101
VMware Esxi Version 6.7 670-201810102
VMware Esxi Version 6.7 670-201810103
VMware Esxi Version 6.7 670-201810201
VMware Esxi Version 6.7 670-201810202
VMware Esxi Version 6.7 670-201810203
VMware Esxi Version 6.7 670-201810204
VMware Esxi Version 6.7 670-201810205
VMware Esxi Version 6.7 670-201810206
VMware Esxi Version 6.7 670-201810207
VMware Esxi Version 6.7 670-201810208
VMware Esxi Version 6.7 670-201810209
VMware Esxi Version 6.7 670-201810210
VMware Esxi Version 6.7 670-201810211
VMware Esxi Version 6.7 670-201810212
VMware Esxi Version 6.7 670-201810213
VMware Esxi Version 6.7 670-201810214
VMware Esxi Version 6.7 670-201810215
VMware Esxi Version 6.7 670-201810216
VMware Esxi Version 6.7 670-201810217
VMware Esxi Version 6.7 670-201810218
VMware Esxi Version 6.7 670-201810219
VMware Esxi Version 6.7 670-201810220
VMware Esxi Version 6.7 670-201810221
VMware Esxi Version 6.7 670-201810222
VMware Esxi Version 6.7 670-201810223
VMware Esxi Version 6.7 670-201810224
VMware Esxi Version 6.7 670-201810225
VMware Esxi Version 6.7 670-201810226
VMware Esxi Version 6.7 670-201810227
VMware Esxi Version 6.7 670-201810228
VMware Esxi Version 6.7 670-201810229
VMware Esxi Version 6.7 670-201810230
VMware Esxi Version 6.7 670-201810231
VMware Esxi Version 6.7 670-201810232
VMware Esxi Version 6.7 670-201810233
VMware Esxi Version 6.7 670-201810234
VMware Esxi Version 6.7 670-201811001
VMware Esxi Version 6.7 670-201901001
VMware Esxi Version 6.7 670-201901401
VMware Esxi Version 6.7 670-201901402
VMware Esxi Version 6.7 670-201901403
VMware Esxi Version 6.7 670-201903001
VMware Esxi Version 6.7 670-201904001
VMware Esxi Version 6.7 670-201904201
VMware Esxi Version 6.7 670-201904202
VMware Esxi Version 6.7 670-201904203
VMware Esxi Version 6.7 670-201904204
VMware Esxi Version 6.7 670-201904205
VMware Esxi Version 6.7 670-201904206
VMware Esxi Version 6.7 670-201904207
VMware Esxi Version 6.7 670-201904208
VMware Esxi Version 6.7 670-201904209
VMware Esxi Version 6.7 670-201904210
VMware Esxi Version 6.7 670-201904211
VMware Esxi Version 6.7 670-201904212
VMware Esxi Version 6.7 670-201904213
VMware Esxi Version 6.7 670-201904214
VMware Esxi Version 6.7 670-201904215
VMware Esxi Version 6.7 670-201904216
VMware Esxi Version 6.7 670-201904217
VMware Esxi Version 6.7 670-201904218
VMware Esxi Version 6.7 670-201904219
VMware Esxi Version 6.7 670-201904220
VMware Esxi Version 6.7 670-201904221
VMware Esxi Version 6.7 670-201904222
VMware Esxi Version 6.7 670-201904223
VMware Esxi Version 6.7 670-201904224
VMware Esxi Version 6.7 670-201904225
VMware Esxi Version 6.7 670-201904226
VMware Esxi Version 6.7 670-201904227
VMware Esxi Version 6.7 670-201904228
VMware Esxi Version 6.7 670-201904229
VMware Esxi Version 6.7 670-201905001
VMware Esxi Version 6.7 670-201906002
VMware Esxi Version 6.7 670-201908101
VMware Esxi Version 6.7 670-201908102
VMware Esxi Version 6.7 670-201908103
VMware Esxi Version 6.7 670-201908104
VMware Esxi Version 6.7 670-201908201
VMware Esxi Version 6.7 670-201908202
VMware Esxi Version 6.7 670-201908203
VMware Esxi Version 6.7 670-201908204
VMware Esxi Version 6.7 670-201908205
VMware Esxi Version 6.7 670-201908206
VMware Esxi Version 6.7 670-201908207
VMware Esxi Version 6.7 670-201908208
VMware Esxi Version 6.7 670-201908209
VMware Esxi Version 6.7 670-201908210
VMware Esxi Version 6.7 670-201908211
VMware Esxi Version 6.7 670-201908212
VMware Esxi Version 6.7 670-201908213
VMware Esxi Version 6.7 670-201908214
VMware Esxi Version 6.7 670-201908215
VMware Esxi Version 6.7 670-201908216
VMware Esxi Version 6.7 670-201908217
VMware Esxi Version 6.7 670-201908218
VMware Esxi Version 6.7 670-201908219
VMware Esxi Version 6.7 670-201908220
VMware Esxi Version 6.7 670-201908221
VMware Esxi Version 6.7 670-201911001

Red Hat Enterprise Linux Desktop Version 7.0
Red Hat Enterprise Linux Server Version 7.0
Red Hat Enterprise Linux Server Aus Version 7.7
Red Hat Enterprise Linux Server Eus Version 7.7
Red Hat Enterprise Linux Server Tus Version 7.7
Red Hat Enterprise Linux Workstation Version 7.0

Openslp Version 1.2.1
Openslp Version 2.0.0