CVE-2010-3609

Exp

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.

Published: 2011-03-11 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Threat Intelligence & Risk Assessment for CVE-2010-3609

EPSS CVSS Exploit-DB Affected OS Tracker

Conclusion & alert: CVE-2010-3609 is rated High Exploit Risk (67.4/100): CVSS Medium severity, with high exploitation likelihood (EPSS 35.47%, 97th percentile). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2010-3609

EDB-ID	Source	Kind	Published	Link
17610	exploit_db	edb	2011-08-05	Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2010-3609

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-11-18	36.98%	35.47%	-1.51%
2	2025-09-16	34.59%	36.98%	+2.38%
3	2025-08-11	—	34.59%	—

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-3609

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.0	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:N/I:N/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:P) Partial availability impact.	10.0	2.9	[email protected]

Weakness enumeration for CVE-2010-3609

OS Trackers for CVE-2010-3609

vendor	priority	summary	link
`gentoo`	normal	CVE-2010-3609: 1 GLSA(s) (201707-05), 1 atom(s) (net-libs/openslp); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2010-3609
`suse`	medium	CVE-2010-3609 severity moderate: SUSE including 59 source package names (libslp1-2.0.0-160000.2.2, libslp1-openssl1-1.2.0-172.26.1, …), 86 product×package rows across 35 product lines (SUSE Linux Enterprise Desktop 12, SUSE Linux Enterprise Desktop 12 SP1, … (35 product lines)): Fixed 86.	https://www.suse.com/security/cve/CVE-2010-3609/
`ubuntu`	medium	CVE-2010-3609 medium priority: Ubuntu including 2 source packages (openslp, openslp-dfsg), 12 status rows across 6 suites (dapper, hardy, karmic, lucid, maverick, upstream): DNE 5, released 5, needs-triage 2.	https://ubuntu.com/security/CVE-2010-3609

Affected software / configurations for CVE-2010-3609

Vendor	Product	Version	Raw CPE
openslp	openslp	1.2.1	cpe:2.3:a:openslp:openslp:1.2.1:::::::*
vmware	esx	4.0	cpe:2.3:a:vmware:esx:4.0:::::::*
vmware	esx	4.1	cpe:2.3:a:vmware:esx:4.1:::::::*
vmware	esxi	4.0	cpe:2.3:a:vmware:esxi:4.0:::::::*
vmware	esxi	4.1	cpe:2.3:a:vmware:esxi:4.1:::::::*

References for CVE-2010-3609

URL	Tags
http://lists.vmware.com/pipermail/security-announce/2011/000126.html
http://secunia.com/advisories/43601	Vendor Advisory
http://secunia.com/advisories/43742	Vendor Advisory
http://securityreason.com/securityalert/8127
http://securitytracker.com/id?1025168
http://www.kb.cert.org/vuls/id/393783	US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2012:141
http://www.mandriva.com/security/advisories?name=MDVSA-2013:111
http://www.osvdb.org/71019
http://www.securityfocus.com/archive/1/516909/100/0/threaded
http://www.securityfocus.com/bid/46772
http://www.vmware.com/security/advisories/VMSA-2011-0004.html	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0606	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0729	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65931
https://security.gentoo.org/glsa/201707-05
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227

cvelogic Threat Intelligence