CVE-2015-5177

Published: 07 August 2015

Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
openslp-dfsg
Launchpad, Ubuntu, Debian
Upstream
Released (2.0)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.2.1-9ubuntu0.2)
Patches:
Upstream: http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/