Lucene search

[email protected]NVD:CVE-2021-43612

HistoryApr 15, 2023 - 10:15 p.m.

CVE-2021-43612

2023-04-1522:15:07

CWE-787

[email protected]

web.nvd.nist.gov

lldpd

vulnerability

heap read

sonmp packets

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

66.4%

JSON

In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it’s possible to trigger an out-of-bounds heap read via short SONMP packets.

Affected configurations

NVD

Node

lldpd_projectlldpdRange<1.0.13

Node

fedoraprojectfedoraMatch36

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

References

github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7

github.com/lldpd/lldpd/compare/1.0.12...1.0.13

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/

lldpd.github.io/security.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

66.4%

JSON

Related for NVD:CVE-2021-43612

veracode1 prion1 nessus6 cvelist1 cve1 debiancve1 redhatcve1 ubuntucve1 alpinelinux1 osv2 fedora3 openvas4 debian2