CVE-2023-41910

Published: 05/09/2023 Updated: 27/09/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

An issue exists in lldpd prior to 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c.

Vulnerable Product

lldpd project lldpd

Vendor Advisories

Matteo Memelli reported an out-of-bounds read flaw when parsing CDP addresses in lldpd, an implementation of the IEEE 802.1ab (LLDP) protocol. A remote attacker can take advantage of this flaw to cause a denial of service via a specially crafted CDP PDU packet. For the oldstable distribution (bullseye), this problem has been fixed in version 1011 ...
Description: The MITRE CVE dictionary describes this issue as: An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c ...