CVE-2023-41910

Source: ubuntu.com (UB:CVE-2023-41910)
Date: Sep 05, 2023 - 12:00 a.m.
Keywords: vulnerability, lldpd, cdp, remote attack, out-of-bounds read, heap memory, unix

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 31.5%

An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU
packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely
force the lldpd daemon to perform an out-of-bounds read on heap memory.
This occurs in cdp_decode in daemon/protocols/cdp.c.
