Описание
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.
An out-of-bounds read vulnerability is present in lldpd. An attacker on the same network as the vulnerable system may use this vulnerability to leak memory data from the application or crash it by sending shorter SONMP packets than what is expected.
Отчет
The Impact of this flaw has been set to Moderate, as it generally results in leak of data or, in some particular circumstances, in a crash of the application. Moreover, it requires an attacker to be adjacent to the vulnerable system.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | lldpd | Will not fix | ||
| Red Hat Enterprise Linux 9 | lldpd | Fixed | RHSA-2024:9158 | 12.11.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.3 High
CVSS3
Связанные уязвимости
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decod ...
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.
EPSS
7.3 High
CVSS3