CVE-2023-41910

Published: 05 Sep 2023
Source: redhat
CVSS3: 7.5

Description

An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c.

A flaw was found in lldpd due to an out-of-bounds read in cdp_decode at daemon/protocols/cdp.c. By sending a specially crafted CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a remote attacker could cause a denial of service.

Report

The highest threat from this vulnerability is system availability.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 8 | lldpd | Affected | | |
| Red Hat Enterprise Linux 9 | lldpd | Fixed | RHSA-2024:9158 | 12.11.2024 |

Additional information

Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2237411 lldpd: CDP PDU Packet cdp.c out-of-bounds read

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 9.8
ubuntu
almost 2 years ago

An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c.

CVSS3: 9.8
nvd
almost 2 years ago

An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c.

CVSS3: 9.8
msrc
almost 2 years ago

No description available

CVSS3: 9.8
debian
almost 2 years ago

An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU ...

CVSS3: 9.8
redos
about 1 year ago

lldpd vulnerability
