FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openslp -- denial of service vulnerability

Affected packages
openslp < 2.0.0

Details

VuXML ID 3c259621-5d4a-11e5-9ad8-14dae9d210b8
Discovery 2015-09-16
Entry 2015-09-17

Qinghao Tang reports:

The function ParseExtension() in openslp 1.2.1 exists a vulnerability , an attacher can cause a denial of service (infinite loop) via a packet with crafted "nextoffset" value and "extid" value.

References

CVE Name CVE-2015-5155
URL http://seclists.org/oss-sec/2015/q3/559