CVE-2021-43612

Name

CVE-2021-43612

Description

In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
MISC	https://lldpd.github.io/security.html
CONFIRM	https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7
CONFIRM	https://github.com/lldpd/lldpd/compare/1.0.12...1.0.13
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:lldpd_project:lldpd::::::::`	lldpd	>= None	< 1.0.13

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
lldpd	3.14-community	1.0.13-r0	Francesco Colista <fcolista@alpinelinux.org>	fixed
lldpd	3.15-community	1.0.13-r0	Francesco Colista <fcolista@alpinelinux.org>	fixed