Lucene search

[email protected]CVE-2021-43612

HistoryApr 15, 2023 - 10:15 p.m.

CVE-2021-43612

2023-04-1522:15:07

CWE-787

[email protected]

web.nvd.nist.gov

283

lldpd

cve-2021-43612

sonmp

packet decoding

security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.003

Percentile

69.9%

JSON

In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it’s possible to trigger an out-of-bounds heap read via short SONMP packets.

Affected configurations

NVD

Node

lldpd_projectlldpdRange<1.0.13

Node

fedoraprojectfedoraMatch36

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

References

github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7

github.com/lldpd/lldpd/compare/1.0.12...1.0.13

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/

lldpd.github.io/security.html

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.003

Percentile

69.9%

JSON

Related for CVE-2021-43612

cvelist1 nessus6 veracode1 prion1 debiancve1 redhatcve1 alpinelinux1 nvd1 ubuntucve1 osv2 fedora3 debian2 openvas4