Out-of-Bounds Heap Read in lldpd Affected by SONMP Packets
CVE-2021-43612

7.5HIGH

Key Information:

Vendor: Lldpd Project
Status: Lldpd
Vendor: CVE Published:; 15 April 2023

🔔 Create Lldpd Project Vulnerability Alert

What is CVE-2021-43612?

In lldpd versions prior to 1.0.13, a vulnerability exists in the SONMP packet decoding process within the sonmp_decode function. This flaw could be exploited to perform an out-of-bounds heap read, potentially leading to memory corruption or unauthorized access to sensitive data. It is crucial for users to upgrade to version 1.0.13 or later to mitigate this security risk.

References

https://lldpd.github.io/security.html

https://github.com/lldpd/lldpd/commit/73d42680fce85983243...

https://github.com/lldpd/lldpd/compare/1.0.12...1.0.13

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2023
Vulnerability Reserved
Nov 12, 2021

CVE-2021-43612 Data

JSON