oss-sec mailing list archives

Re: CVE request: lldpd crash in lldp_decode due large management address

From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 18 Oct 2015 21:42:53 +0200

* Florian Weimer:

Upstream commit:

<https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2>

If compiled with effective source fortification, the vulnerability is
just a crash and not exploitable for anything else, as a result of the
compiler-emitted length check for memcpy inside the PEEK_BYTES macro.


There is also another fix, an improper assert leading to a daemon
crash:

https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00

This probably needs a separate CVE ID.

Current thread:

CVE request: lldpd crash in lldp_decode due large management address Florian Weimer (Oct 15)
- Re: CVE request: lldpd crash in lldp_decode due large management address Florian Weimer (Oct 18)
- Re: CVE request: lldpd crash in lldp_decode due large management address cve-assign (Oct 29)