Vulnerability Details CVE-2015-5177
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/
- http://www.securityfocus.com/bid/76635
- http://www.securitytracker.com/id/1033719
- https://bugzilla.redhat.com/show_bug.cgi?id=1251064
- https://www.debian.org/security/2015/dsa-3353
- http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/
- http://www.securityfocus.com/bid/76635
- http://www.securitytracker.com/id/1033719
- https://bugzilla.redhat.com/show_bug.cgi?id=1251064
- https://www.debian.org/security/2015/dsa-3353
Products affected by CVE-2015-5177
-
cpe:2.3:a:openslp:openslp:1.2.1
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:debian:debian_linux:8.0