CVE-2010-3609

OpenSLP - Denial of Service via Extension Parser Infinite Loop

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3609. PoCs published by Nicolas Gregoire.

AI-analyzed exploit summary This exploit triggers a denial-of-service (DoS) in OpenSLP by crafting malformed SLP packets with invalid extension offsets, causing the service to crash. It supports multiple delivery modes (unicast, broadcast, multicast, TCP) and targets OpenSLP v1.2.1 and earlier.

Description

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC
by Nicolas Gregoire · pythondosmultiple
https://www.exploit-db.com/exploits/17610

This exploit triggers a denial-of-service (DoS) in OpenSLP by crafting malformed SLP packets with invalid extension offsets, causing the service to crash. It supports multiple delivery modes (unicast, broadcast, multicast, TCP) and targets OpenSLP v1.2.1 and earlier.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: OpenSLP v1.2.1 and trunk before revision 1647
No auth needed
Prerequisites: Network access to the target SLP service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (17)

Core 17
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/393783
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/71019
Various Sources mailing-list x_refsource_mlist
http://lists.vmware.com/pipermail/security-announce/2011/000126.html
Third Party Advisory x_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43742
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0606
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:111
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516909/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8127
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025168
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201707-05
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65931
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0729
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:141
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46772
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43601

Scores

EPSS 0.1722
EPSS Percentile 96.7%

Details

Status published
Products (5)
openslp/openslp 1.2.1
vmware/esx 4.0
vmware/esx 4.1
vmware/esxi 4.0
vmware/esxi 4.1
Published Mar 11, 2011
Tracked Since Feb 18, 2026