ALAS2-2019-1378 --- openslpID: oval:org.secpod.oval:def:1700283 | Date: (C)2019-12-23 (M)2023-12-20 |
Class: PATCH | Family: unix |
A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause the program to crash or to remotely execute code with the privileges of the slpd service.