First published: Thu Oct 15 2015
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/openvswitch2.13 | <0:2.13.0-62.el7fd | 0:2.13.0-62.el7fd |
redhat/openvswitch2.11 | <0:2.11.3-77.el7fd | 0:2.11.3-77.el7fd |
redhat/openvswitch | <0:2.9.9-1.el7fd | 0:2.9.9-1.el7fd |
redhat/openvswitch2.13 | <0:2.13.0-71.el8fd | 0:2.13.0-71.el8fd |
redhat/openvswitch2.11 | <0:2.11.3-74.el8fd | 0:2.11.3-74.el8fd |
redhat/openvswitch2.13 | <0:2.13.0-72.el8fd | 0:2.13.0-72.el8fd |
redhat/openvswitch-selinux-extra-policy | <0:1.0-17.el7fd | 0:1.0-17.el7fd |
redhat/ovn2.11 | <0:2.11.1-57.el7fd | 0:2.11.1-57.el7fd |
redhat/ovn2.11 | <0:2.11.1-56.el7fd | 0:2.11.1-56.el7fd |
redhat/redhat-virtualization-host | <0:4.3.12-20201216.0.el7_9 | 0:4.3.12-20201216.0.el7_9 |
redhat/redhat-virtualization-host | <0:4.4.3-20201210.0.el8_3 | 0:4.4.3-20201210.0.el8_3 |
redhat/rhvm-appliance | <0:4.4-20210310.0.el8e | 0:4.4-20210310.0.el8e |
debian/lldpd | 1.0.3-1 1.0.3-1+deb10u2 1.0.11-1+deb11u2 1.0.16-1+deb12u1 1.0.17-1 | |
debian/openvswitch | 2.10.7+ds1-0+deb10u1 2.10.7+ds1-0+deb10u4 2.15.0+ds1-2+deb11u4 3.1.0-2 3.2.0-2 | |
Lldpd Project Lldpd | >=0.5.6 <0.8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =33 | |
redhat/lldpd | <0.8.0 | 0.8.0 |
Siemens SIMATIC HMI Unified Comfort Panels | <17 | 17 |
Siemens SIMATIC NET CP 1542SP-1 (6GK7542-6UX00-0XE0) | | |
Siemens SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants) (6GK7243-8RX30-0XE0) | | |
Siemens SIMATIC NET CP 1543-1 (incl. SIPLUS variants) | | |
Siemens SIMATIC NET CP 1543SP-1 (incl. SIPLUS variants) | | |
Siemens SIMATIC NET CP 1545-1 (6GK7545-1GX00-0XE0) | <1.1 | 1.1 |
When the lldpd source is compiled with source fortification enabled, the flaw becomes unexploitable and will just cause a crash.