Vulnerability Details : CVE-2021-43612
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-43612
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- cpe:2.3:a:lldpd_project:lldpd:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-43612
- 0.30%: probability of exploitation activity in the next 30 days
- ~69%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-43612
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2021-43612
- The product writes data past the end, or before the beginning, of the intended buffer. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2021-43612
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/
  [SECURITY] Fedora 38 Update: lldpd-1.0.16-1.fc38 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/
  [SECURITY] Fedora 36 Update: lldpd-1.0.16-1.fc36 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lldpd.github.io/security.html
  lldpd » implementation of IEEE 802.1AB | Security (Patch; Third Party Advisory)
- https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7
  sonmp: fix heap overflow when reading SONMP packets · lldpd/lldpd@73d4268 · GitHub (Patch)
- https://github.com/lldpd/lldpd/compare/1.0.12...1.0.13
  Comparing 1.0.12...1.0.13 · lldpd/lldpd · GitHub (Patch; Release Notes)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/
  [SECURITY] Fedora 37 Update: lldpd-1.0.16-1.fc37 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)