CVE-2021-43612Out-of-bounds Write in Project Lldpd

CWE-787Out-of-bounds WriteCWE-125Out-of-bounds Read6 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 67.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Lldpd Project LldpdFedoraproject Fedora
Timeline
PublishedApr 15
Latest updateApr 16

Description

In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDlldpd_project/lldpd< 1.0.13
Debianlldpd_project/lldpd< 1.0.11-1+deb11u1+3

Also affects: Fedora 36, 37, 38

Patches

Patch: github.comPatch: github.comPatch: lldpd.github.io

🔴Vulnerability Details

3
GHSA
GHSA-x6gw-c547-cwm7: In lldpd before 12023-04-16
OSV
CVE-2021-43612: In lldpd before 12023-04-15
CVEList
CVE-2021-43612: In lldpd before 12023-04-15

📋Vendor Advisories

2
Red Hat
lldpd: out-of-bounds read when decoding SONMP packets2021-11-18
Debian
CVE-2021-43612: lldpd - In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function...2021
CVE-2021-43612 — Out-of-bounds Write in Project Lldpd | cvebase