PT-2023-9187 · Lldpd+5

Matteo Memelli · Published 2023-09-04 · Updated 2025-03-17 · CVE-2023-41910

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: lldpd versions prior to 1.0.17

Description: An issue was discovered in the handling of CDP PDU packets with specific CDP_TLV_ADDRESSES TLVs. A malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in the cdp_decode function in daemon/protocols/cdp.c. The vulnerability may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For versions prior to 1.0.17, update to version 1.0.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the cdp_decode function in daemon/protocols/cdp.c to minimize the risk of exploitation. Avoid using the CDP_TLV_ADDRESSES TLVs in CDP PDU packets until the issue is resolved.

Fix

Out-of-bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2024:9158
ALT-PU-2023-5752
ALT-PU-2023-5878
ALT-PU-2024-14450
AZL-28656
BDU:2024-04479
CVE-2023-41910
DLA-3578-1
DSA-5505-1
INFSA-2024_9158
RHSA-2024:9158
RHSA-2024_9158
RLSA-2024:9158

Affected Products

Alt Linux
Almalinux
Red Hat
Red Os
Rocky Linux
Lldpd