Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv3

CVE-2018-10932

Published: 21/08/2018 Updated: 12/02/2023
CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 294
Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Intel

Vulnerability Summary

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an malicious user to inject shell control characters into the buffer and impact the behavior of the terminal.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

intel lldptool

Vendor Advisories

Red Hat: Low: lldpad security and bug fix update
Synopsis Low: lldpad security and bug fix update Type/Severity Security Advisory: Low Topic An update for lldpad is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base score, which g ...
Debian CVElist Bug Report Logs: lldpad: CVE-2018-10932: improper sanitization of shell-escape codes
Debian Bug report logs - #905901 lldpad: CVE-2018-10932: improper sanitization of shell-escape codes Package: src:lldpad; Maintainer for src:lldpad is Debian FCoE Maintainers <team+fcoe@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 11 Aug 2018 12:06:02 UTC Severity: important T ...
Amazon Linux 2: ALAS2-2021-1637
lldptool can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal (CVE-2018-10932) ...
Red Hat: CVE-2018-10932
lldptool can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal ...

References

CWE-117https://github.com/intel/openlldp/pull/7https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932https://bugzilla.redhat.com/show_bug.cgi?id=1551623https://access.redhat.com/errata/RHSA-2019:3673https://access.redhat.com/errata/RHSA-2019:3673https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2021-1637.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook