rpm package
almalinux/lldpd
pkg:rpm/almalinux/lldpd
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-41910 | — | | | < 1.0.18-4.el9 | 1.0.18-4.el9 | Sep 5, 2023 | An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. |
| CVE-2021-43612 | — | | | < 1.0.18-4.el9 | 1.0.18-4.el9 | Apr 15, 2023 | In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. |
| CVE-2020-27827 | — | | | < 1.0.18-4.el9 | 1.0.18-4.el9 | Mar 18, 2021 | A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. |