[Debian]: CVE: CVE-2021-43612: lldpd an out-of-bounds heap read via short SONMP packets
Bug #2018641 reported by
Yue Tao
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| StarlingX |
Fix Released
|
High
|
Zhixiong Chi | ||
Bug Description
CVE-2021-43612: https:/
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.
Score:
cve_id status cvss3Score
CVE-2021-43612 fixed 7.5
References:
lldpd_1.
CVE References
| tags: | added: stx.9.0 stx.security |
| Changed in starlingx: | |
| importance: | Undecided → High |
| status: | New → Triaged |
| Changed in starlingx: | |
| assignee: | nobody → Zhixiong Chi (zhixiongchi) |
| status: | Triaged → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to integ (master) | #1 |
| Changed in starlingx: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit d1f4e2645d88046
Author: Zhixiong Chi <email address hidden>
Date: Tue May 9 10:32:55 2023 +0800
lldpd: Upgrade lldpd to 1.0.11-1+deb11u1
Fix CVE-2021-43612
Refer to:
https:/
TestPlan:
PASS: downloader
PASS: build-pkgs -a -c
PASS: build-image
PASS: Jenkins Installation.
PASS: dpkg -l |grep lldpd
ii lldpd 1.0.11-
Closes-Bug: 2018641
Signed-off-by: Zhixiong Chi <email address hidden>
Change-Id: I33215c6cca7ef4