CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
79.3%
Severity: Medium
Date : 2021-01-20
CVE-ID : CVE-2020-27827
Package : lldpd
Type : information disclosure
Remote : Yes
Link : https://security.archlinux.org/AVG-1451
The package lldpd before version 1.0.8-1 is vulnerable to information
disclosure.
Upgrade to 1.0.8-1.
The problem has been fixed upstream in version 1.0.8.
None.
A security issue was found in lldpd before version 1.0.8. A packet that
contains multiple instances of certain TLVs will cause lldpd to
continually allocate memory and leak the old memory. As an example,
multiple instances of system name TLV will cause old values to be
dropped by the decoding routine.
A remote attack can leak information through crafted packets.
https://github.com/lldpd/lldpd/blob/master/NEWS
https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html
https://github.com/openvswitch/ovs/pull/337
https://github.com/openvswitch/ovs/commit/f915f32f5667e3b9d460055d8b47fa5d204ce83a
https://security.archlinux.org/CVE-2020-27827
github.com/lldpd/lldpd/blob/master/NEWS
github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
github.com/openvswitch/ovs/commit/f915f32f5667e3b9d460055d8b47fa5d204ce83a
github.com/openvswitch/ovs/pull/337
mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html
security.archlinux.org/AVG-1451
security.archlinux.org/CVE-2020-27827
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
79.3%