An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c.
References
Configurations
History
27 Sep 2023, 15:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Sep 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Sep 2023, 16:49
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-125 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://github.com/lldpd/lldpd/releases/tag/1.0.17 - Release Notes | |
References | (MISC) https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b - Patch | |
CPE | cpe:2.3:a:lldpd_project:lldpd:*:*:*:*:*:*:*:* | |
First Time |
Lldpd Project
Lldpd Project lldpd |
05 Sep 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-05 07:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-41910
Mitre link : CVE-2023-41910
CVE.ORG link : CVE-2023-41910
JSON object : View
Products Affected
lldpd_project
- lldpd
CWE
CWE-125
Out-of-bounds Read