CVE-2023-29552
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
| Vendor | n/a |
| Product | n/a |
| Published | Apr 25, 2023 |
| Last Updated | Oct 21, 2025 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for n/a n/a
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2023-29552.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n/a / n/a
n/a
References
datatracker.ietf.org: https://datatracker.ietf.org/doc/html/rfc2608 bitsight.com: https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp blogs.vmware.com: https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html cisa.gov: https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks suse.com: https://www.suse.com/support/kb/doc/?id=000021051 curesec.com: https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html github.com: https://github.com/curesec/slpload security.netapp.com: https://security.netapp.com/advisory/ntap-20230426-0001/ cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29552