CVE-2021-21995

Summary

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.

Affected Software

VendorProductVersion RangeStatus
n/aVMware ESXi and VMware Cloud FoundationVMware ESXi(7.0 before ESXi70U2-17630552, 6.7 before ESXi670-202103101-SG, 6.5 before ESXi650-202107401-SG) and VMware Cloud Foundation (4.x, 3.x before 3.10.2)affected

Weaknesses

  • Authentication bypass vulnerability

ADP Enrichment

CVE Program Container

Additional References

References