CVE-2015-8011

Name
CVE-2015-8011
Description
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
NVD Severity
high

References

Type URI
Mailing List http://www.openwall.com/lists/oss-security/2015/10/16/2
Patch https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
Mailing List http://www.openwall.com/lists/oss-security/2015/10/30/2
Third Party Advisory https://www.debian.org/security/2021/dsa-4836
Mailing List https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/
CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
MISC https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:lldpd_project:lldpd:*:*:*:*:*:*:*:* lldpd >= 0.5.6 < 0.8.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status