CVE Stalker: CVE-2019-5544

CVE Details

CVE-2019-5544 VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability

Published: 2021-11-03 CVSS: 9.8 CRITICAL Product: VMware VMware ESXi and Horizon DaaS Due Date: 2022-05-03

VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.

dgh05t/VMware_ESXI_OpenSLP_PoCs • ⭐ 67 • 2021-02-04 • Conf: 95.0%
CVE-2020-3992 & CVE-2019-5544

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

Timeline

CVE Stalker KEV MITRE GitHub FIRST (EPSS)

MITRE

CVSS

Score: 9.8
Severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: active
Automatable: yes
Technical Impact: total

References

Show Raw Data

Key	Remaining Key	Value
containers >	cna > affected > 0 > product	ESXi and Horizon DaaS
containers >	cna > affected > 0 > vendor	n/a
containers >	cna > affected > 0 > versions > 0 > status	affected
containers >	cna > affected > 0 > versions > 0 > version	ESXi 6.7 prior to patch release ESXi670-201912001, ESXi 6.5 prior to patch release ESXi650-201912001, ESXi 6.0 prior to patch release ESXi600-201912001 and Horizon DaaS 8.x prior to BZ-2467224-Disable_SLPD_service_permanently_801_Hotfix.
containers >	cna > descriptions > 0 > lang	en
containers >	cna > descriptions > 0 > value	OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
containers >	cna > problemTypes > 0 > descriptions > 0 > description	Heap Overwrite
containers >	cna > problemTypes > 0 > descriptions > 0 > lang	en
containers >	cna > problemTypes > 0 > descriptions > 0 > type	text
containers >	cna > providerMetadata > dateUpdated	2020-05-14T23:06:15.000Z
containers >	cna > providerMetadata > orgId	dcf2e128-44bd-42ed-91e8-88f912c1401d
containers >	cna > providerMetadata > shortName	vmware
containers >	cna > references > 0 > tags > 0	x_refsource_CONFIRM
containers >	cna > references > 0 > url	http://www.vmware.com/security/advisories/VMSA-2019-0022.html
containers >	cna > references > 1 > name	[oss-security] 20191210 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability
containers >	cna > references > 1 > tags > 0	mailing-list
containers >	cna > references > 1 > tags > 1	x_refsource_MLIST
containers >	cna > references > 1 > url	http://www.openwall.com/lists/oss-security/2019/12/10/2
containers >	cna > references > 2 > name	[oss-security] 20191211 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability
containers >	cna > references > 2 > tags > 0	mailing-list
containers >	cna > references > 2 > tags > 1	x_refsource_MLIST
containers >	cna > references > 2 > url	http://www.openwall.com/lists/oss-security/2019/12/11/2
containers >	cna > references > 3 > name	RHSA-2019:4240
containers >	cna > references > 3 > tags > 0	vendor-advisory
containers >	cna > references > 3 > tags > 1	x_refsource_REDHAT
containers >	cna > references > 3 > url	https://access.redhat.com/errata/RHSA-2019:4240
containers >	cna > references > 4 > name	FEDORA-2019-1e5ae33e87
containers >	cna > references > 4 > tags > 0	vendor-advisory
containers >	cna > references > 4 > tags > 1	x_refsource_FEDORA
containers >	cna > references > 4 > url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/
containers >	cna > references > 5 > name	FEDORA-2019-86bceb61b3
containers >	cna > references > 5 > tags > 0	vendor-advisory
containers >	cna > references > 5 > tags > 1	x_refsource_FEDORA
containers >	cna > references > 5 > url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/
containers >	cna > references > 6 > name	RHSA-2020:0199
containers >	cna > references > 6 > tags > 0	vendor-advisory
containers >	cna > references > 6 > tags > 1	x_refsource_REDHAT
containers >	cna > references > 6 > url	https://access.redhat.com/errata/RHSA-2020:0199
containers >	cna > references > 7 > name	GLSA-202005-12
containers >	cna > references > 7 > tags > 0	vendor-advisory
containers >	cna > references > 7 > tags > 1	x_refsource_GENTOO
containers >	cna > references > 7 > url	https://security.gentoo.org/glsa/202005-12
containers >	cna > x_legacyV4Record > CVE_data_meta > ASSIGNER	[email protected]
containers >	cna > x_legacyV4Record > CVE_data_meta > ID	CVE-2019-5544
containers >	cna > x_legacyV4Record > CVE_data_meta > STATE	PUBLIC
containers >	cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > product_name	ESXi and Horizon DaaS
containers >	cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 0 > version_value	ESXi 6.7 prior to patch release ESXi670-201912001, ESXi 6.5 prior to patch release ESXi650-201912001, ESXi 6.0 prior to patch release ESXi600-201912001 and Horizon DaaS 8.x prior to BZ-2467224-Disable_SLPD_service_permanently_801_Hotfix.
containers >	cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > vendor_name	n/a
containers >	cna > x_legacyV4Record > data_format	MITRE
containers >	cna > x_legacyV4Record > data_type	CVE
containers >	cna > x_legacyV4Record > data_version	4.0
containers >	cna > x_legacyV4Record > description > description_data > 0 > lang	eng
containers >	cna > x_legacyV4Record > description > description_data > 0 > value	OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
containers >	cna > x_legacyV4Record > problemtype > problemtype_data > 0 > description > 0 > lang	eng
containers >	cna > x_legacyV4Record > problemtype > problemtype_data > 0 > description > 0 > value	Heap Overwrite
containers >	cna > x_legacyV4Record > references > reference_data > 0 > name	http://www.vmware.com/security/advisories/VMSA-2019-0022.html
containers >	cna > x_legacyV4Record > references > reference_data > 0 > refsource	CONFIRM
containers >	cna > x_legacyV4Record > references > reference_data > 0 > url	http://www.vmware.com/security/advisories/VMSA-2019-0022.html
containers >	cna > x_legacyV4Record > references > reference_data > 1 > name	[oss-security] 20191210 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability
containers >	cna > x_legacyV4Record > references > reference_data > 1 > refsource	MLIST
containers >	cna > x_legacyV4Record > references > reference_data > 1 > url	http://www.openwall.com/lists/oss-security/2019/12/10/2
containers >	cna > x_legacyV4Record > references > reference_data > 2 > name	[oss-security] 20191211 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability
containers >	cna > x_legacyV4Record > references > reference_data > 2 > refsource	MLIST
containers >	cna > x_legacyV4Record > references > reference_data > 2 > url	http://www.openwall.com/lists/oss-security/2019/12/11/2
containers >	cna > x_legacyV4Record > references > reference_data > 3 > name	RHSA-2019:4240
containers >	cna > x_legacyV4Record > references > reference_data > 3 > refsource	REDHAT
containers >	cna > x_legacyV4Record > references > reference_data > 3 > url	https://access.redhat.com/errata/RHSA-2019:4240
containers >	cna > x_legacyV4Record > references > reference_data > 4 > name	FEDORA-2019-1e5ae33e87
containers >	cna > x_legacyV4Record > references > reference_data > 4 > refsource	FEDORA
containers >	cna > x_legacyV4Record > references > reference_data > 4 > url	https://lists.fedoraproject.org/archives/list/[email protected]/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/
containers >	cna > x_legacyV4Record > references > reference_data > 5 > name	FEDORA-2019-86bceb61b3
containers >	cna > x_legacyV4Record > references > reference_data > 5 > refsource	FEDORA
containers >	cna > x_legacyV4Record > references > reference_data > 5 > url	https://lists.fedoraproject.org/archives/list/[email protected]/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/
containers >	cna > x_legacyV4Record > references > reference_data > 6 > name	RHSA-2020:0199
containers >	cna > x_legacyV4Record > references > reference_data > 6 > refsource	REDHAT
containers >	cna > x_legacyV4Record > references > reference_data > 6 > url	https://access.redhat.com/errata/RHSA-2020:0199
containers >	cna > x_legacyV4Record > references > reference_data > 7 > name	GLSA-202005-12
containers >	cna > x_legacyV4Record > references > reference_data > 7 > refsource	GENTOO
containers >	cna > x_legacyV4Record > references > reference_data > 7 > url	https://security.gentoo.org/glsa/202005-12
containers >	adp > 0 > providerMetadata > orgId	af854a3a-2127-422b-91ae-364da2661108
containers >	adp > 0 > providerMetadata > shortName	CVE
containers >	adp > 0 > providerMetadata > dateUpdated	2024-08-04T20:01:51.272Z
containers >	adp > 0 > title	CVE Program Container
containers >	adp > 0 > references > 0 > tags > 0	x_refsource_CONFIRM
containers >	adp > 0 > references > 0 > tags > 1	x_transferred
containers >	adp > 0 > references > 0 > url	http://www.vmware.com/security/advisories/VMSA-2019-0022.html
containers >	adp > 0 > references > 1 > name	[oss-security] 20191210 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability
containers >	adp > 0 > references > 1 > tags > 0	mailing-list
containers >	adp > 0 > references > 1 > tags > 1	x_refsource_MLIST
containers >	adp > 0 > references > 1 > tags > 2	x_transferred
containers >	adp > 0 > references > 1 > url	http://www.openwall.com/lists/oss-security/2019/12/10/2
containers >	adp > 0 > references > 2 > name	[oss-security] 20191211 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability
containers >	adp > 0 > references > 2 > tags > 0	mailing-list
containers >	adp > 0 > references > 2 > tags > 1	x_refsource_MLIST
containers >	adp > 0 > references > 2 > tags > 2	x_transferred
containers >	adp > 0 > references > 2 > url	http://www.openwall.com/lists/oss-security/2019/12/11/2
containers >	adp > 0 > references > 3 > name	RHSA-2019:4240
containers >	adp > 0 > references > 3 > tags > 0	vendor-advisory
containers >	adp > 0 > references > 3 > tags > 1	x_refsource_REDHAT
containers >	adp > 0 > references > 3 > tags > 2	x_transferred
containers >	adp > 0 > references > 3 > url	https://access.redhat.com/errata/RHSA-2019:4240
containers >	adp > 0 > references > 4 > name	FEDORA-2019-1e5ae33e87
containers >	adp > 0 > references > 4 > tags > 0	vendor-advisory
containers >	adp > 0 > references > 4 > tags > 1	x_refsource_FEDORA
containers >	adp > 0 > references > 4 > tags > 2	x_transferred
containers >	adp > 0 > references > 4 > url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/
containers >	adp > 0 > references > 5 > name	FEDORA-2019-86bceb61b3
containers >	adp > 0 > references > 5 > tags > 0	vendor-advisory
containers >	adp > 0 > references > 5 > tags > 1	x_refsource_FEDORA
containers >	adp > 0 > references > 5 > tags > 2	x_transferred
containers >	adp > 0 > references > 5 > url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/
containers >	adp > 0 > references > 6 > name	RHSA-2020:0199
containers >	adp > 0 > references > 6 > tags > 0	vendor-advisory
containers >	adp > 0 > references > 6 > tags > 1	x_refsource_REDHAT
containers >	adp > 0 > references > 6 > tags > 2	x_transferred
containers >	adp > 0 > references > 6 > url	https://access.redhat.com/errata/RHSA-2020:0199
containers >	adp > 0 > references > 7 > name	GLSA-202005-12
containers >	adp > 0 > references > 7 > tags > 0	vendor-advisory
containers >	adp > 0 > references > 7 > tags > 1	x_refsource_GENTOO
containers >	adp > 0 > references > 7 > tags > 2	x_transferred
containers >	adp > 0 > references > 7 > url	https://security.gentoo.org/glsa/202005-12
containers >	adp > 1 > metrics > 0 > cvssV3_1 > scope	UNCHANGED
containers >	adp > 1 > metrics > 0 > cvssV3_1 > version	3.1
containers >	adp > 1 > metrics > 0 > cvssV3_1 > baseScore	9.8
containers >	adp > 1 > metrics > 0 > cvssV3_1 > attackVector	NETWORK
containers >	adp > 1 > metrics > 0 > cvssV3_1 > baseSeverity	CRITICAL
containers >	adp > 1 > metrics > 0 > cvssV3_1 > vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
containers >	adp > 1 > metrics > 0 > cvssV3_1 > integrityImpact	HIGH
containers >	adp > 1 > metrics > 0 > cvssV3_1 > userInteraction	NONE
containers >	adp > 1 > metrics > 0 > cvssV3_1 > attackComplexity	LOW
containers >	adp > 1 > metrics > 0 > cvssV3_1 > availabilityImpact	HIGH
containers >	adp > 1 > metrics > 0 > cvssV3_1 > privilegesRequired	NONE
containers >	adp > 1 > metrics > 0 > cvssV3_1 > confidentialityImpact	HIGH
containers >	adp > 1 > metrics > 1 > other > type	ssvc
containers >	adp > 1 > metrics > 1 > other > content > id	CVE-2019-5544
containers >	adp > 1 > metrics > 1 > other > content > role	CISA Coordinator
containers >	adp > 1 > metrics > 1 > other > content > options > 0 > Exploitation	active
containers >	adp > 1 > metrics > 1 > other > content > options > 1 > Automatable	yes
containers >	adp > 1 > metrics > 1 > other > content > options > 2 > Technical Impact	total
containers >	adp > 1 > metrics > 1 > other > content > version	2.0.3
containers >	adp > 1 > metrics > 1 > other > content > timestamp	2025-02-07T13:13:22.588499Z
containers >	adp > 1 > metrics > 2 > other > type	kev
containers >	adp > 1 > metrics > 2 > other > content > dateAdded	2021-11-03
containers >	adp > 1 > metrics > 2 > other > content > reference	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5544
containers >	adp > 1 > references > 0 > url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5544
containers >	adp > 1 > references > 0 > tags > 0	government-resource
containers >	adp > 1 > problemTypes > 0 > descriptions > 0 > lang	en
containers >	adp > 1 > problemTypes > 0 > descriptions > 0 > type	CWE
containers >	adp > 1 > problemTypes > 0 > descriptions > 0 > cweId	CWE-787
containers >	adp > 1 > problemTypes > 0 > descriptions > 0 > description	CWE-787 Out-of-bounds Write
containers >	adp > 1 > timeline > 0 > time	2021-11-03T00:00:00.000Z
containers >	adp > 1 > timeline > 0 > lang	en
containers >	adp > 1 > timeline > 0 > value	CVE-2019-5544 added to CISA KEV
containers >	adp > 1 > title	CISA ADP Vulnrichment
containers >	adp > 1 > providerMetadata > orgId	134c704f-9b21-4f2e-91b3-4a467353bcc0
containers >	adp > 1 > providerMetadata > shortName	CISA-ADP
containers >	adp > 1 > providerMetadata > dateUpdated	2025-10-21T23:35:56.590Z
cveMetadata >	assignerOrgId	dcf2e128-44bd-42ed-91e8-88f912c1401d
cveMetadata >	assignerShortName	vmware
cveMetadata >	cveId	CVE-2019-5544
cveMetadata >	datePublished	2019-12-06T15:54:18.000Z
cveMetadata >	dateReserved	2019-01-07T00:00:00.000Z
cveMetadata >	dateUpdated	2025-10-21T23:35:56.590Z
cveMetadata >	state	PUBLISHED
dataType		CVE_RECORD
dataVersion		5.1