[Debian]: CVE: CVE-2021-43612: lldpd an out-of-bounds heap read via short SONMP packets
Bug #2018641 reported by Yue Tao
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | High | Zhixiong Chi |
Bug Description
CVE-2021-43612: https:/
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.
Score:
cve_id | status | cvss3Score
---|---|---
CVE-2021-43612 | fixed | 7.5
References:
lldpd_1.
CVE References
tags: | added: stx.9.0 stx.security |
Changed in starlingx: | |
importance: | Undecided → High |
status: | New → Triaged |
Changed in starlingx: | |
assignee: | nobody → Zhixiong Chi (zhixiongchi) |
status: | Triaged → In Progress |
Reviewed: https://review.opendev.org/c/starlingx/integ/+/882797
Committed: https://opendev.org/starlingx/integ/commit/d1f4e2645d88046f703fc1c8876035b9512f829c
Submitter: "Zuul (22348)"
Branch: master
commit d1f4e2645d88046f703fc1c8876035b9512f829c
Author: Zhixiong Chi <email address hidden>
Date: Tue May 9 10:32:55 2023 +0800
lldpd: Upgrade lldpd to 1.0.11-1+deb11u1
Fix CVE-2021-43612
Refer to:
https://security-tracker.debian.org/tracker/CVE-2021-43612
TestPlan:
PASS: downloader
PASS: build-pkgs -a -c
PASS: build-image
PASS: Jenkins Installation.
PASS: dpkg -l |grep lldpd
ii lldpd 1.0.11-1+deb11u1.stx.4
Closes-Bug: 2018641
Signed-off-by: Zhixiong Chi <email address hidden>
Change-Id: I33215c6cca7ef4839e4555f709b4824595a82ee2