PT-2015-3400 · Linux+4 · Lldpd+4

Florian Weimer

Published

2015-10-01

Updated

2021-08-02

CVE-2015-8011

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions lldpd versions prior to 0.8.0

Description The issue is related to a buffer overflow in the lldp decode function, which can be exploited by remote attackers to cause a denial of service, potentially leading to a daemon crash, and possibly execute arbitrary code. This can be achieved through vectors involving large management addresses and TLV boundaries. The vulnerability allows an attacker to access confidential data, compromise its integrity, and cause a service disruption.

Recommendations For versions prior to 0.8.0, update to version 0.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the lldp decode function in the daemon/protocols/lldp.c component to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALT-PU-2016-2161

ALT-PU-2021-1061

ALT-PU-2021-1177

ALT-PU-2021-2054

BDU:2021-01890

CVE-2015-8011

DLA-2571-1

DSA-4836-1

OESA-2021-1179

RHSA-2020:5611

RHSA-2020:5615

RHSA-2021:0028

RHSA-2021:0931

RHSA-2021:0988

RHSA-2021:2077

RHSA-2021:2205

USN-4691-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Ubuntu

Lldpd

PT-2015-3400 · Linux+4 · Lldpd+4

CVE-2015-8011

Weakness Enumeration

Related Identifiers

Affected Products

References · 36