| Bug ID | 1184894 |
|---|---|
| Summary | VUL-0: CVE-2015-8011,CVE-2015-8012: lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 15.1 |
| Hardware | Other |
| URL | https://smash.suse.de/issue/158400/ |
| OS | Other |
| Status | NEW |
| Severity | Major |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | atoptsoglou@suse.com |
| QA Contact | security-team@suse.de |
| Found By | Security Response Team |
| Blocker | --- |
CVE-2015-8011 Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. CVE-2015-8012 lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet. References: http://www.openwall.com/lists/oss-security/2015/10/16/2 http://www.openwall.com/lists/oss-security/2015/10/30/2 Upstream patch: https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2 References: https://bugzilla.redhat.com/show_bug.cgi?id=1896498 https://bugzilla.redhat.com/show_bug.cgi?id=1896536 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8012 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8011 http://www.openwall.com/lists/oss-security/2015/10/30/2 http://www.openwall.com/lists/oss-security/2015/10/16/2 http://www.openwall.com/lists/oss-security/2015/10/18/2 http://seclists.org/oss-sec/2015/q4/198 https://access.redhat.com/errata/RHSA-2020:5611.html http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8011.html http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8012.html https://access.redhat.com/errata/RHSA-2021:0931 https://access.redhat.com/errata/RHSA-2021:0988 https://access.redhat.com/errata/RHSA-2021:0931.html https://access.redhat.com/errata/RHSA-2021:0988.html https://access.redhat.com/errata/RHBA-2020:5306.html https://access.redhat.com/errata/RHSA-2021:0028.html https://access.redhat.com/errata/RHBA-2020:5307.html https://access.redhat.com/errata/RHBA-2020:5311.html https://access.redhat.com/errata/RHBA-2020:5310.html https://access.redhat.com/errata/RHSA-2020:5615.html https://access.redhat.com/errata/RHBA-2020:5310 https://access.redhat.com/errata/RHBA-2020:5311 https://access.redhat.com/errata/RHBA-2020:5306 https://access.redhat.com/errata/RHBA-2020:5307 https://access.redhat.com/errata/RHSA-2020:5611 https://access.redhat.com/security/cve/CVE-2015-8012 https://access.redhat.com/security/cve/CVE-2015-8011 https://access.redhat.com/errata/RHSA-2020:5615 https://access.redhat.com/errata/RHSA-2021:0028 http://www.debian.org/security/-1/dsa-4836 https://www.debian.org/security/2021/dsa-4836 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8012 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8011 https://github.com/vincentbernat/lldpd/commit/9221b5c249f9e4843f77c7f888d5705348d179c0 https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980132 https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2 https://github.com/vincentbernat/lldpd/commit/8738a36d30e2e94257c5b1ae9cd3e7c3d314808e http://cve.mitre.org/cve/request_id.html https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00