CVE-2018-10932

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:intel:lldptool:*:*:*:*:*:*:*:*

History

12 Feb 2023, 23:31

Type Values Removed Values Added
CWE CWE-119 CWE-117
Summary lldptool can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal. lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2018-10932', 'name': 'https://access.redhat.com/security/cve/CVE-2018-10932', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHBA-2019:2339', 'name': 'https://access.redhat.com/errata/RHBA-2019:2339', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1614896', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1614896', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 21:18

Type Values Removed Values Added
References
  • {'url': 'https://exchange.xforce.ibmcloud.com/vulnerabilities/148721', 'name': 'CVE-2018-10932', 'tags': ['Third Party Advisory'], 'refsource': 'lldptool weak security'}
  • {'url': 'https://access.redhat.com/security/cve/cve-2018-10932', 'name': 'CVE-2018-10932', 'tags': ['Third Party Advisory'], 'refsource': 'CVE-2018-10932'}
  • (MISC) https://access.redhat.com/security/cve/CVE-2018-10932 -
  • (MISC) https://access.redhat.com/errata/RHBA-2019:2339 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1614896 -
Summary lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal. lldptool can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.

Information

Published : 2018-08-21 18:29

Updated : 2023-12-10 12:44


NVD link : CVE-2018-10932

Mitre link : CVE-2018-10932

CVE.ORG link : CVE-2018-10932


JSON object : View

Products Affected

intel

  • lldptool
CWE
CWE-117

Improper Output Neutralization for Logs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer