Description
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
A buffer overflow was found in the lldp_decode function in daemon/protocols/lldp.c in lldpd. This flaw allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. This threatens the system's confidentiality, integrity, and availability.
Report
The lldpd package as shipped with Red Hat Enterprise Linux 8 is not affected by this flaw because it has already received the patch. The flaw affects versions before 0.8.0 and the shipped version is 1.0.1+. In addition, Red Hat Virtualization 4.3 manager appliance is out of support scope and therefore no fix for it will be delivered.
Mitigation
When the lldpd source is compiled with source fortification enabled, the flaw becomes unexploitable and will just cause a crash.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Fast Datapath for RHEL 7 | openvswitch2.10 | Out of support scope | | |
| Fast Datapath for RHEL 7 | openvswitch2.12 | Out of support scope | | |
| Fast Datapath for RHEL 8 | openvswitch2.12 | Out of support scope | | |
| Red Hat Enterprise Linux 8 | lldpd | Not affected | | |
| Red Hat Virtualization 4 | rhv-openvswitch | Not affected | | |
| Fast Datapath for Red Hat Enterprise Linux 7 | openvswitch2.13 | Fixed | RHBA-2020:5306 | 01.12.2020 |
| Fast Datapath for Red Hat Enterprise Linux 7 | openvswitch2.11 | Fixed | RHBA-2020:5307 | 01.12.2020 |
| Fast Datapath for Red Hat Enterprise Linux 7 | openvswitch | Fixed | RHSA-2021:2077 | 20.05.2021 |
| Fast Datapath for Red Hat Enterprise Linux 8 | openvswitch2.13 | Fixed | RHBA-2020:5310 | 01.12.2020 |
| Fast Datapath for Red Hat Enterprise Linux 8 | openvswitch2.11 | Fixed | RHBA-2020:5311 | 01.12.2020 |
Additional information
Status:
9.8 Critical
CVSS3
Related vulnerabilities
A vulnerability in the lldp_decode function of the daemon/protocols/lldp.c component of Lldpd, an implementation of the LLDP protocol for Unix, related to a memory buffer overflow, which allows an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
9.8 Critical
CVSS3