oss-sec mailing list archives

CVE request: lldpd crash in lldp_decode due large management address

From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 16 Oct 2015 08:05:57 +0200

Upstream commit:

<https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2>

If compiled with effective source fortification, the vulnerability is
just a crash and not exploitable for anything else, as a result of the
compiler-emitted length check for memcpy inside the PEEK_BYTES macro.

Current thread:

CVE request: lldpd crash in lldp_decode due large management address Florian Weimer (Oct 15)
- Re: CVE request: lldpd crash in lldp_decode due large management address Florian Weimer (Oct 18)
- Re: CVE request: lldpd crash in lldp_decode due large management address cve-assign (Oct 29)