Описание
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 0.7.19-1 |
| bionic | not-affected | 0.7.19-1 |
| cosmic | not-affected | 0.7.19-1 |
| devel | not-affected | 0.7.19-1 |
| disco | not-affected | 0.7.19-1 |
| esm-apps/bionic | not-affected | 0.7.19-1 |
| esm-apps/focal | not-affected | 0.7.19-1 |
| esm-apps/xenial | not-affected | 0.7.19-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| focal | not-affected | 0.7.19-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.9.7-0ubuntu0.18.04.2 |
| devel | released | 2.15.0-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 2.9.7-0ubuntu0.18.04.2 |
| esm-infra/focal | released | 2.13.1-0ubuntu0.20.04.3 |
| esm-infra/xenial | released | 2.5.9-0ubuntu0.16.04.2 |
| focal | released | 2.13.1-0ubuntu0.20.04.3 |
| groovy | released | 2.13.1-0ubuntu1.2 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
Показывать по
Ссылки на источники
EPSS
6.8 Medium
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c ...
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
Уязвимость функции lldp_decode компонента daemon/protocols/lldp.c реализации протокола LLDP под Unix Lldpd, связанная с переполнением буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
6.8 Medium
CVSS2
9.8 Critical
CVSS3