VMware ESXi is developed by VMware for deploying and serving virtual computers. OpenSLP (Service Location Protocol) is a service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration.
OpenSLP, as used in ESXi, has a heap-overflow vulnerability [CVE-2021-21974]. The buffer that can be overwritten is allocated in the heap portion of memory. A malicious actor in the same network segment as ESXi and with access to port 427 can trigger the heap-overflow issue in the OpenSLP service resulting in remote code execution.
- 7.0 before ESXi70U1c-17325551
- 6.7 before ESXi670-202102401-SG
- 6.5 before ESXi650-202102101-SG