Unrated severityNVD Advisory· Published Mar 11, 2011· Updated Apr 29, 2026

CVE-2010-3609

Description

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.

Affected products

Openslp/Openslp
cpe:2.3:a:openslp:openslp:1.2.1:*:*:*:*:*:*:*
VMware/Esx2 versions
cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*
VMware/Esxi2 versions
cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/43601nvdVendor Advisory
secunia.com/advisories/43742nvdVendor Advisory
www.vmware.com/security/advisories/VMSA-2011-0004.htmlnvdVendor Advisory
www.vupen.com/english/advisories/2011/0606nvdVendor Advisory
www.vupen.com/english/advisories/2011/0729nvdVendor Advisory
www.kb.cert.org/vuls/id/393783nvdUS Government Resource
lists.vmware.com/pipermail/security-announce/2011/000126.htmlnvd
securityreason.com/securityalert/8127nvd
securitytracker.com/idnvd
www.mandriva.com/security/advisoriesnvd
www.mandriva.com/security/advisoriesnvd
www.osvdb.org/71019nvd
www.securityfocus.com/archive/1/516909/100/0/threadednvd
www.securityfocus.com/bid/46772nvd
exchange.xforce.ibmcloud.com/vulnerabilities/65931nvd
security.gentoo.org/glsa/201707-05nvd
wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.028
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000