Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lldpd_project | lldpd | * |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 33 |
lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lldpd_project | lldpd | * |
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| siemens | simatic_net_cp_1243-8_irc_firmware | - |
| redhat | openshift_container_platform | 4.0 |
| redhat | virtualization | 4.0 |
| redhat | enterprise_linux | 7.0 |
| siemens | simatic_net_cp_1243-1_firmware | - |
| redhat | openstack | 13 |
| siemens | sinumerik_one_firmware | * |
| fedoraproject | fedora | 33 |
| redhat | enterprise_linux | 8.0 |
| siemens | simatic_net_cp_1542sp-1_firmware | - |
| siemens | simatic_net_cp_1545-1_firmware | - |
| lldpd_project | lldpd | * |
| siemens | simatic_net_cp_1543-1_firmware | - |
| openvswitch | openvswitch | * |
| siemens | simatic_net_cp_1543sp-1_firmware | - |
| redhat | openstack | 10 |
| siemens | tim_1531_irc_firmware | * |
| siemens | simatic_net_cp_1542sp-1_irc_firmware | - |
| siemens | simatic_hmi_unified_comfort_panels_firmware | * |
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 38 |
| lldpd_project | lldpd | * |
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lldpd_project | lldpd | * |