Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2015/10/16/2 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2015/10/30/2 | Mailing List Patch Third Party Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf | |
https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/ | |
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07 | |
https://www.debian.org/security/2021/dsa-4836 | Third Party Advisory |
Configurations
History
07 Nov 2023, 02:28
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
02 Aug 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Mar 2021, 16:22
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/ - Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
04 Mar 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Feb 2021, 18:19
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html - Mailing List, Third Party Advisory |
20 Feb 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Feb 2021, 16:29
Type | Values Removed | Values Added |
---|---|---|
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4836 - Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
26 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-01-28 19:15
Updated : 2023-12-10 13:13
NVD link : CVE-2015-8011
Mitre link : CVE-2015-8011
CVE.ORG link : CVE-2015-8011
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
lldpd_project
- lldpd
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')