ALT-PU-2016-2161-1
Closed vulnerabilities
Published: 2015-10-01
BDU:2021-01890
Уязвимость функции lldp_decode компонента daemon/protocols/lldp.c реализации протокола LLDP под Unix Lldpd, связанная с переполнением буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2020-01-28
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-8011
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
Severity: MEDIUM (6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2015/10/16/2
- http://www.openwall.com/lists/oss-security/2015/10/30/2
- https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
- https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
- https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07
- https://www.debian.org/security/2021/dsa-4836
- http://www.openwall.com/lists/oss-security/2015/10/16/2
- http://www.openwall.com/lists/oss-security/2015/10/30/2
- https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
- https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
- https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07
- https://www.debian.org/security/2021/dsa-4836
Published: 2020-01-28
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-8012
lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2015/10/18/2
- http://www.openwall.com/lists/oss-security/2015/10/30/2
- https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
- https://github.com/vincentbernat/lldpd/commit/9221b5c249f9e4843f77c7f888d5705348d179c0
- http://www.openwall.com/lists/oss-security/2015/10/18/2
- http://www.openwall.com/lists/oss-security/2015/10/30/2
- https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
- https://github.com/vincentbernat/lldpd/commit/9221b5c249f9e4843f77c7f888d5705348d179c0