Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-202101-29
HistoryJan 20, 2021 - 12:00 a.m.

[ASA-202101-29] lldpd: information disclosure

2021-01-2000:00:00
security.archlinux.org
81

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.006 Low

EPSS

Percentile

78.0%

JSON

Arch Linux Security Advisory ASA-202101-29

Severity: Medium
Date : 2021-01-20
CVE-ID : CVE-2020-27827
Package : lldpd
Type : information disclosure
Remote : Yes
Link : https://security.archlinux.org/AVG-1451

Summary

The package lldpd before version 1.0.8-1 is vulnerable to information
disclosure.

Resolution

Upgrade to 1.0.8-1.

pacman -Syu “lldpd>=1.0.8-1”

The problem has been fixed upstream in version 1.0.8.

Workaround

None.

Description

A security issue was found in lldpd before version 1.0.8. A packet that
contains multiple instances of certain TLVs will cause lldpd to
continually allocate memory and leak the old memory. As an example,
multiple instances of system name TLV will cause old values to be
dropped by the decoding routine.

Impact

A remote attack can leak information through crafted packets.

References

https://github.com/lldpd/lldpd/blob/master/NEWS
https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html
https://github.com/openvswitch/ovs/pull/337
https://github.com/openvswitch/ovs/commit/f915f32f5667e3b9d460055d8b47fa5d204ce83a
https://security.archlinux.org/CVE-2020-27827

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanylldpd< 1.0.8-1UNKNOWN

Related

photon 8
nessus 30
cve 1
openvas 17
cbl_mariner 3
redhatcve 1
osv 5
suse 1
veracode 1
alpinelinux 1
debiancve 1
redhat 10
prion 1
ubuntucve 1
archlinux 1
debian 4
ubuntu 1
fedora 5
ics 1
gentoo 1
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0381
2021-04-16 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0335
2021-04-07 00:00:00
Important Photon OS Security Update - PHSA-2021-0335
2021-04-07 00:00:00
nessus
nessus
SUSE SLES12 Security Update : openvswitch (SUSE-SU-2021:0297-1)
2021-02-04 00:00:00
openSUSE Security Update : openvswitch (openSUSE-2021-239)
2021-02-08 00:00:00
RHEL 8 : Red Hat Virtualization Host security, update (4.4.4-2) (Moderate) (RHSA-2021:0976)
2021-03-24 00:00:00
cve
cve
CVE-2020-27827
2021-03-18 17:15:00
openvas
openvas
openSUSE: Security Advisory for openvswitch (openSUSE-SU-2021:0239-1)
2021-04-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0258-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0297-1)
2021-04-19 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-27827 affecting package openvswitch 2.12.0-3
2021-05-06 23:56:49
CVE-2020-27827 affecting package lldpd 1.0.4-4
2022-08-31 06:17:55
CVE-2020-27827 affecting package lldpd 1.0.4-3
2024-04-26 21:08:25
redhatcve
redhatcve
CVE-2020-27827
2021-01-28 02:24:31
osv
osv
CVE-2020-27827
2021-03-18 17:15:13
lldpd - security update
2023-04-10 00:00:00
openvswitch vulnerabilities
2021-01-13 17:15:51
suse
suse
Security update for openvswitch (important)
2021-02-05 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-01-14 16:37:28
alpinelinux
alpinelinux
CVE-2020-27827
2021-03-18 17:15:00
debiancve
debiancve
CVE-2020-27827
2021-03-18 17:15:00
redhat
redhat
(RHSA-2021:0976) Moderate: Red Hat Virtualization Host security, bug fix and enhancement update (4.4.4-2)
2021-03-23 18:36:22
(RHSA-2021:1051) Moderate: RHV-H enhancement and security update (redhat-virtualization-host) 4.3.14
2021-03-31 12:24:54
(RHSA-2021:1050) Moderate: openvswitch2.11 security update
2021-03-31 12:24:44
prion
prion
Denial of service
2021-03-18 17:15:00
ubuntucve
ubuntucve
CVE-2020-27827
2021-01-13 00:00:00
archlinux
archlinux
[ASA-202101-28] openvswitch: multiple issues
2021-01-20 00:00:00
debian
debian
[SECURITY] [DSA 4836-1] openvswitch security update
2021-01-22 18:52:14
[SECURITY] [DLA 3389-1] lldpd security update
2023-04-12 15:17:27
[SECURITY] [DLA 3388-1] lldpd security update
2023-04-10 17:00:01
ubuntu
ubuntu
Open vSwitch vulnerabilities
2021-01-13 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: lldpd-1.0.16-1.fc38
2023-04-19 01:40:28
[SECURITY] Fedora 36 Update: lldpd-1.0.16-1.fc36
2023-04-20 05:24:35
[SECURITY] Fedora 37 Update: lldpd-1.0.16-1.fc37
2023-04-20 02:54:39
ics
ics
Siemens Industrial Products LLDP (Update D)
2022-08-18 12:00:00
gentoo
gentoo
Open vSwitch: Multiple Vulnerabilities
2023-11-26 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.006 Low

EPSS

Percentile

78.0%

JSON
Related for ASA-202101-29
photon8nessus30cve1openvas17cbl_mariner3redhatcve1osv5suse1veracode1alpinelinux1debiancve1redhat10prion1ubuntucve1archlinux1debian4ubuntu1fedora5ics1gentoo1