CVE-2023-41910 – lldpd: CDP PDU Packet cdp.c out-of-bounds read
https://notcve.org/view.php?id=CVE-2023-41910
An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. Se descubrió un problema en lldpd antes de la versión 1.0.17. Al manipular un paquete CDP PDU con TLVs CDP_TLV_ADDRESSES específicos, un actor malicioso puede forzar remotamente al demonio lldpd a realizar una lecutra fuera de límites en la memoria heap. • https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b https://github.com/lldpd/lldpd/releases/tag/1.0.17 https://lists.debian.org/debian-lts-announce/2023/09/msg00025.html https://www.debian.org/security/2023/dsa-5505 https://access.redhat.com/security/cve/CVE-2023-41910 https://bugzilla.redhat.com/show_bug.cgi?id=2237411 • CWE-125: Out-of-bounds Read •
CVE-2021-43612 – lldpd: out-of-bounds read when decoding SONMP packets
https://notcve.org/view.php?id=CVE-2021-43612
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. An out-of-bounds read vulnerability is present in lldpd. An attacker on the same network as the vulnerable system may use this vulnerability to leak memory data from the application or crash it by sending shorter SONMP packets than what is expected. • https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7 https://github.com/lldpd/lldpd/compare/1.0.12...1.0.13 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D https://lldpd.github.io/security. • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2020-27827 – lldp/openvswitch: denial of service via externally triggered memory leak
https://notcve.org/view.php?id=CVE-2020-27827
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en múltiples versiones de OpenvSwitch. Los paquetes LLDP especialmente diseñados pueden causar que una memoria se pierda cuando se asignan datos para manejar TLV opcionales específicos, potencialmente causando una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1921438 https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D https://mail.openvswitch.org/pipermail/ovs-dev/2021 • CWE-400: Uncontrolled Resource Consumption •
CVE-2015-8011 – lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c
https://notcve.org/view.php?id=CVE-2015-8011
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. Un desbordamiento del búfer en la función lldp_decode en el archivo daemon/protocolos/lldp.c en lldpd versiones anteriores a 0.8.0, permite a atacantes remotos causar una denegación de servicio (bloqueo de daemon) y posiblemente ejecutar código arbitrario por medio de vectores que involucran grandes direcciones de administración y límites de TLV. A buffer overflow was found in the lldp_decode function in daemon/protocols/lldp.c in lldpd. This flaw allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. This threatens the system's confidentiality, integrity, and availability. • http://www.openwall.com/lists/oss-security/2015/10/16/2 http://www.openwall.com/lists/oss-security/2015/10/30/2 https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2 https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR https://us-cert.cisa.gov/ics/advisories/icsa-21-194& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2015-8012
https://notcve.org/view.php?id=CVE-2015-8012
lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet. lldpd versiones anteriores a 0.8.0, permite a atacantes remotos causar una denegación de servicio (fallo de aserción y bloqueo del demonio) por medio de un paquete malformado. • http://www.openwall.com/lists/oss-security/2015/10/18/2 http://www.openwall.com/lists/oss-security/2015/10/30/2 https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00 https://github.com/vincentbernat/lldpd/commit/9221b5c249f9e4843f77c7f888d5705348d179c0 • CWE-617: Reachable Assertion •