) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:lldpd_project:lldpd:0.7.16:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-41910 |
An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. Published: September 05, 2023; 3:15:14 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2021-43612 |
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. Published: April 15, 2023; 6:15:07 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2020-27827 |
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Published: March 18, 2021; 1:15:13 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 7.1 HIGH |
| CVE-2015-8012 |
lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet. Published: January 28, 2020; 2:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2015-8011 |
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. Published: January 28, 2020; 2:15:12 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 6.8 MEDIUM |