CVE-2015-8012Reachable Assertion in Project Lldpd

CWE-617Reachable Assertion6 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.8%
top 26.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Lldpd Project Lldpd
Timeline
PublishedJan 28
Latest updateMay 24

Description

lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDlldpd_project/lldpd< 0.8.0
Debianlldpd_project/lldpd< 0.7.19-1+3

Patches

Patch: www.openwall.comPatch: www.openwall.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-26h8-43q7-4r2w: lldpd before 02022-05-24
CVEList
CVE-2015-8012: lldpd before 02020-01-28
OSV
CVE-2015-8012: lldpd before 02020-01-28

📋Vendor Advisories

2
Red Hat
lldpd: malformed packet leads to assertion failure and daemon crash2015-10-18
Debian
CVE-2015-8012: lldpd - lldpd before 0.8.0 allows remote attackers to cause a denial of service (asserti...2015
CVE-2015-8012 — Reachable Assertion in Project Lldpd | cvebase