CVE-2018-10932 — Improper Output Neutralization for Logs in Intel Lldptool

CWE-117 — Improper Output Neutralization for Logs CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 77.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Lldpad Intel Lldptool Msrc CBL Mariner 1.0 ARM +2 more

Timeline

PublishedAug 21

Latest updateMay 13

Description

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

▶NVDintel/lldptool1.0.1

▶CVEListV5intel/lldptool1.0.1 and older

▶debiandebian/lldpad< lldpad 1.0.1+git20180808.4e642bd-1 (bookworm)

▶msrcmsrc/cbl_mariner_1.0_arm

▶msrcmsrc/cbl_mariner_1.0_x64

🔴Vulnerability Details

GHSA

GHSA-93v9-vqwf-hhcg: lldptool version 1↗2022-05-13

▶

OSV

CVE-2018-10932: lldptool version 1↗2018-08-21

▶

📋Vendor Advisories

Microsoft

lldptool version 1.0.1 and older can print a raw unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the bu↗2018-08-14

▶

Red Hat

lldptool: improper sanitization of shell-escape codes↗2018-08-10

▶

Debian

CVE-2018-10932: lldpad - lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlle...↗2018

▶

💬Community

Bugzilla

CVE-2018-10932 lldpad: lldptool: improper sanitization of shell-escape codes [fedora-all]↗2018-08-10

▶

Bugzilla

CVE-2018-10932 lldptool: improper sanitization of shell-escape codes↗2018-08-10

▶