PT-2023-9187 · Lldpd+5

Matteo Memelli · Published 2023-09-04 · Updated 2025-03-17 · CVE-2023-41910

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: lldpd versions prior to 1.0.17

Description: An issue was discovered in the handling of CDP PDU packets with specific CDP_TLV_ADDRESSES TLVs. A malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in the cdp_decode function in daemon/protocols/cdp.c. The vulnerability may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For versions prior to 1.0.17, update to version 1.0.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the cdp_decode function in daemon/protocols/cdp.c to minimize the risk of exploitation. Avoid using CDP_TLV_ADDRESSES TLVs in CDP PDU packets until the issue is resolved.
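As an added illustration, not lldpd's own code, here is a bounds-checked walker for the value of a CDP Addresses TLV, the structure the advisory names. It assumes the documented TLV layout (a 4-byte address count, then per entry a protocol type, protocol length, protocol bytes, a 2-byte address length and the address itself) and that the defensive property worth showing is that every declared length is checked against the remaining PDU bytes before it is used; the sample buffers are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Walk the value of a CDP Addresses TLV (the bytes after the TLV type/length header)
 * without reading past `len`. Returns the number of entries consumed, or -1 when the
 * TLV declares more data than it carries. The first NLPID IPv4 entry (type 1,
 * protocol 0xCC, 4-byte address) is copied to out_ipv4 and *found is set. */
int cdp_addresses_parse(const uint8_t *buf, size_t len, uint8_t out_ipv4[4], int *found)
{
    size_t off;
    uint32_t count, i;

    if (found) *found = 0;
    if (len < 4) return -1;                         /* address count is 4 bytes */
    count = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
            ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    off = 4;
    for (i = 0; i < count; i++) {                   /* invariant: off <= len */
        const uint8_t *proto;
        uint8_t ptype, plen;
        uint16_t alen;

        if (len - off < 2) return -1;               /* protocol type + protocol length */
        ptype = buf[off]; plen = buf[off + 1]; off += 2;
        if (len - off < plen) return -1;            /* protocol bytes must fit */
        proto = buf + off; off += plen;
        if (len - off < 2) return -1;               /* 2-byte address length field */
        alen = (uint16_t)((buf[off] << 8) | buf[off + 1]); off += 2;
        if (len - off < alen) return -1;            /* keeps the memcpy below in bounds */
        if (found && !*found && ptype == 1 && plen == 1 && proto[0] == 0xCC && alen == 4) {
            memcpy(out_ipv4, buf + off, 4);
            *found = 1;
        }
        off += alen;
    }
    return (int)i;
}

/* Constructed samples: a well-formed TLV carrying 192.168.1.10, the same TLV
 * claiming a 16-byte address it does not carry, and one claiming two entries. */
static const uint8_t sample_ok[]        = {0,0,0,1, 1,1,0xCC, 0,4,  192,168,1,10};
static const uint8_t sample_bad_alen[]  = {0,0,0,1, 1,1,0xCC, 0,16, 192,168,1,10};
static const uint8_t sample_bad_count[] = {0,0,0,2, 1,1,0xCC, 0,4,  192,168,1,10};
```

The two malformed samples are rejected before any byte beyond the buffer is touched, which is the property a decoder needs to hold for untrusted PDUs.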

Fix

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

ALSA-2024:9158
ALT-PU-2023-5752
ALT-PU-2023-5878
ALT-PU-2024-14450
AZL-28656
BDU:2024-04479
CVE-2023-41910
DLA-3578-1
DSA-5505-1
INFSA-2024_9158
RHSA-2024:9158
RHSA-2024_9158
RLSA-2024:9158

Affected Products

Alt Linux
Almalinux
Red Hat
Red Os
Rocky Linux
Lldpd