[Debian] Critical CVE: CVE-2023-41910 lldpd: an out-of-bounds read on heap memory
Bug #2037481 reported by
Yue Tao
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Li Zhou |
Bug Description
CVE-2023-41910: https:/
An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/
Base Score: Critical
Reference:
lldpd_1.
https:/
https:/
CVE References
summary: |
- [Debian] Critical CVE: CVE-2023-41910 lldpd + [Debian] Critical CVE: CVE-2023-41910 lldpd: an out-of-bounds read on + heap memory |
Changed in starlingx: | |
assignee: | nobody → Li Zhou (lzhou2) |
tags: | added: stx.9.0 stx.security |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/c/starlingx /integ/ +/898082
Review: https:/