Bug 2167943 (CVE-2021-21974)

Summary: CVE-2021-21974 OpenSLP: heap-overflow
Product: [Other] Security Response
Reporter: Zack Miele <zmiele>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: high
Priority: high
Version: unspecified
CC: vcrhonek
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A heap overflow vulnerability was found in OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG). This flaw allows a malicious actor residing within the same network segment as ESXi, who has access to port 427, to trigger the heap overflow issue in the OpenSLP service, resulting in remote code execution.
Last Closed: 2023-02-10 04:36:26 UTC
Bug Blocks: 2167938    

Description Zack Miele 2023-02-07 18:27:20 UTC
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in the OpenSLP service, resulting in remote code execution.

https://www.vmware.com/security/advisories/VMSA-2021-0002.html
https://www.zerodayinitiative.com/advisories/ZDI-21-250/
http://packetstormsecurity.com/files/162957/VMware-ESXi-OpenSLP-Heap-Overflow.html

Comment 2 Product Security DevOps Team 2023-02-10 04:36:25 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-21974