cve/2021/CVE-2021-21974.md

### [CVE-2021-21974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21974)
![](https://img.shields.io/static/v1?label=Product&message=VMware%20Cloud%20Foundation&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=VMware%20ESXi&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=OpenSLP%20heap-overflow%20vulnerability&color=brighgreen)

### Description

OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

### POC

#### Reference
- http://packetstormsecurity.com/files/162957/VMware-ESXi-OpenSLP-Heap-Overflow.html
- http://packetstormsecurity.com/files/162957/VMware-ESXi-OpenSLP-Heap-Overflow.html

#### Github
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Awrrays/FrameVul
- https://github.com/CYBERTHREATANALYSIS/ESXi-Ransomware-Scanner-mi
- https://github.com/CYBERTHREATANALYSIS/ESXi_ransomware_scanner
- https://github.com/HynekPetrak/CVE-2019-5544_CVE-2020-3992
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/Shadow0ps/CVE-2021-21974
- https://github.com/WhooAmii/POC_to_review
- https://github.com/chosenonehacks/Red-Team-tools-and-usefull-links
- https://github.com/fardeen-ahmed/Bug-bounty-Writeups
- https://github.com/hateme021202/cve-2021-21974
- https://github.com/hktalent/TOP
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/karimhabush/cyberowl
- https://github.com/manas3c/CVE-POC
- https://github.com/n2x4/Feb2023-CVE-2021-21974-OSINT
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/orgTestCodacy11KRepos110MB/repo-3569-collection-document
- https://github.com/soosmile/POC
- https://github.com/tom0li/collection-document
- https://github.com/trhacknon/Pocingit
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2021-21974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21974)`
			`![](https://img.shields.io/static/v1?label=Product&message=VMware%20Cloud%20Foundation&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=VMware%20ESXi&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=OpenSLP%20heap-overflow%20vulnerability&color=brighgreen)`

			`### Description`

			`OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/162957/VMware-ESXi-OpenSLP-Heap-Overflow.html`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- http://packetstormsecurity.com/files/162957/VMware-ESXi-OpenSLP-Heap-Overflow.html`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`#### Github`
			`- https://github.com/20142995/sectool`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/Awrrays/FrameVul`
			`- https://github.com/CYBERTHREATANALYSIS/ESXi-Ransomware-Scanner-mi`
			`- https://github.com/CYBERTHREATANALYSIS/ESXi_ransomware_scanner`
			`- https://github.com/HynekPetrak/CVE-2019-5544_CVE-2020-3992`
			`- https://github.com/NaInSec/CVE-PoC-in-GitHub`
			`- https://github.com/SYRTI/POC_to_review`
			`- https://github.com/Shadow0ps/CVE-2021-21974`
			`- https://github.com/WhooAmii/POC_to_review`
			`- https://github.com/chosenonehacks/Red-Team-tools-and-usefull-links`
			`- https://github.com/fardeen-ahmed/Bug-bounty-Writeups`
			`- https://github.com/hateme021202/cve-2021-21974`
			`- https://github.com/hktalent/TOP`
			`- https://github.com/k0mi-tg/CVE-POC`
			`- https://github.com/karimhabush/cyberowl`
			`- https://github.com/manas3c/CVE-POC`
			`- https://github.com/n2x4/Feb2023-CVE-2021-21974-OSINT`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/orgTestCodacy11KRepos110MB/repo-3569-collection-document`
			`- https://github.com/soosmile/POC`
			`- https://github.com/tom0li/collection-document`
			`- https://github.com/trhacknon/Pocingit`
			`- https://github.com/whoforget/CVE-POC`
			`- https://github.com/youwizard/CVE-POC`
			`- https://github.com/zecool/cve`