lldpd -- Buffer overflow/Denial of service

ID 2A4A112A-7C1B-11E5-BD77-0800275369E2
Type freebsd
Reporter FreeBSD
Modified 2015-11-10T00:00:00


The lldpd developer Vincent Bernat reports:

A buffer overflow may allow arbitrary code execution only if hardening was disabled.

Malformed packets should not make lldpd crash. Ensure we can handle them by not using assert() in this part.