In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.
References
Configurations
History
07 Nov 2023, 03:39
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
26 Apr 2023, 14:31
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Fedoraproject fedora
Lldpd Project lldpd Lldpd Project Fedoraproject |
|
References | (CONFIRM) https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7 - Patch | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://github.com/lldpd/lldpd/compare/1.0.12...1.0.13 - Patch, Release Notes | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/ - Mailing List, Third Party Advisory | |
References | (MISC) https://lldpd.github.io/security.html - Patch, Third Party Advisory | |
CWE | CWE-787 | |
CPE | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:a:lldpd_project:lldpd:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
20 Apr 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Apr 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Apr 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-15 22:15
Updated : 2023-12-10 15:01
NVD link : CVE-2021-43612
Mitre link : CVE-2021-43612
CVE.ORG link : CVE-2021-43612
JSON object : View
Products Affected
fedoraproject
- fedora
lldpd_project
- lldpd
CWE
CWE-787
Out-of-bounds Write