PT-2015-3400 · Linux+4 · Lldpd+4

Florian Weimer

Publicado

2015-10-01

Atualizado

2021-08-02

CVE-2015-8011

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions lldpd versions prior to 0.8.0

Description The issue is related to a buffer overflow in the lldp decode function, which can be exploited by remote attackers to cause a denial of service, potentially leading to a daemon crash, and possibly execute arbitrary code. This can be achieved through vectors involving large management addresses and TLV boundaries. The vulnerability allows an attacker to access confidential data, compromise its integrity, and cause a service disruption.

Recommendations For versions prior to 0.8.0, update to version 0.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the lldp decode function in the daemon/protocols/lldp.c component to minimize the risk of exploitation.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-120

Identificadores relacionados

ALT-PU-2016-2161

ALT-PU-2021-1061

ALT-PU-2021-1177

ALT-PU-2021-2054

BDU:2021-01890

CVE-2015-8011

DLA-2571-1

DSA-4836-1

OESA-2021-1179

RHSA-2020:5611

RHSA-2020:5615

RHSA-2021:0028

RHSA-2021:0931

RHSA-2021:0988

RHSA-2021:2077

RHSA-2021:2205

USN-4691-1

Produtos afetados

Alt Linux

Astra Linux

Linuxmint

Ubuntu

Lldpd

PT-2015-3400 · Linux+4 · Lldpd+4

CVE-2015-8011

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 36