CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

Search Vulnerabilities

Software

Searching vulnerabilities affecting “lldpd_project”

5 vulnerabilities found for “lldpd_project”

CVE-2023-41910

CRITICAL9.8

An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c.

lldpd_project / lldpd

Network

Published Sep 5, 2023

CVE-2021-43612

HIGH7.5

In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.

lldpd_project / lldpd+3

Network

Published Apr 15, 2023

CVE-2020-27827

HIGH7.5

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

lldpd_project / lldpd+26

Network

Published Mar 18, 2021

CVE-2015-8011

CRITICAL9.8

Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.

lldpd_project / lldpd+3

Network

Published Jan 28, 2020

CVE-2015-8012

HIGH7.5

lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.

lldpd_project / lldpd

Network

Published Jan 28, 2020