Bug 2167943 (CVE-2021-21974)
Summary: | CVE-2021-21974 OpenSLP: heap-overflow | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Zack Miele <zmiele> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | vcrhonek |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | --- | |
Doc Text: |
A heap overflow vulnerability was found in OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG). This flaw allows a malicious actor residing within the same network segment as ESXi, who has access to port 427, to trigger the heap overflow issue in the OpenSLP service, resulting in remote code execution.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2023-02-10 04:36:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 2167938 |
Description
Zack Miele
2023-02-07 18:27:20 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-21974 |