
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Sep 2023 — An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. • https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b • CWE-125: Out-of-bounds Read

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Apr 2023 — In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. An out-of-bounds read vulnerability is present in lldpd. An attacker on the same network as the vulnerable system may use this vulnerability to leak memory data from the application or crash it by sending shorter SONMP packets than what is expected. • https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7 • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 37 • EXPL: 0

28 Jan 2021 — A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1921438 • CWE-400: Uncontrolled Resource Consumption

CVSS: 9.8 • EPSS: 4% • CPEs: 4 • EXPL: 0

28 Jan 2020 — Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. • http://www.openwall.com/lists/oss-security/2015/10/16/2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jan 2020 — lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet. • http://www.openwall.com/lists/oss-security/2015/10/18/2 • CWE-617: Reachable Assertion