Published: 27 March 2017
The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.
CVSS 3 base score: 7.5
possibly may only affect openslp 2.0.x
confirmed, code in 1.2.x doesn't look vulnerable