CVE-2023-29552 Information

Description

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

Reference

https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html
https://datatracker.ietf.org/doc/html/rfc2608
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp
https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks
https://www.suse.com/support/kb/doc/?id=000021051
https://github.com/curesec/slpload
https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html
https://security.netapp.com/advisory/ntap-20230426-0001/
