PT-2023-12472 · Lldpd+4 · Lldpd+4

Jeremy Galindo

Publicado

2021-12-02

Atualizado

2025-03-17

CVE-2021-43612

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions lldpd versions prior to 1.0.13

Description The issue arises when decoding SONMP packets in the sonmp decode function, allowing for an out-of-bounds heap read via short SONMP packets.

Recommendations For versions prior to 1.0.13, update to version 1.0.13 or later to resolve the issue. As a temporary workaround, consider restricting the processing of short SONMP packets to minimize the risk of exploitation.

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALSA-2024:9158

ALT-PU-2021-3442

ALT-PU-2021-3512

ALT-PU-2023-1686

CVE-2021-43612

DLA-3389-1

INFSA-2024_9158

OPENSUSE-SU-2024:11635-1

RHSA-2024:9158

RHSA-2024_9158

RLSA-2024:9158

Produtos afetados

Alt Linux

Almalinux

Red Hat

Rocky Linux

Lldpd

PT-2023-12472 · Lldpd+4 · Lldpd+4

CVE-2021-43612

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 33