CVE-2015-8011

CRITICAL

Description

Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.

References

http://www.openwall.com/lists/oss-security/2015/10/16/2

https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2

http://www.openwall.com/lists/oss-security/2015/10/30/2

https://www.debian.org/security/2021/dsa-4836

https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/

Details

Source: MITRE

Published: 2020-01-28

Updated: 2021-07-13

Type: CWE-120

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150149 | RHEL 7 : Red Hat OpenStack Platform 10.0 (openvswitch) (RHSA-2021:2205) | Nessus | Red Hat Local Security Checks | critical |
| 149839 | RHEL 7 : openvswitch (RHSA-2021:2077) | Nessus | Red Hat Local Security Checks | critical |
| 148122 | RHEL 8 : rhvm-appliance (RHSA-2021:0988) | Nessus | Red Hat Local Security Checks | critical |
| 147881 | RHEL 7 : openvswitch2.11 and ovn2.11 (RHSA-2021:0931) | Nessus | Red Hat Local Security Checks | critical |
| 147151 | Fedora 33 : 2:dpdk / openvswitch (2021-fba11d37ee) | Nessus | Fedora Local Security Checks | critical |
| 146677 | Debian DLA-2571-1 : openvswitch security update | Nessus | Debian Local Security Checks | critical |
| 145309 | Debian DSA-4836-1 : openvswitch - security update | Nessus | Debian Local Security Checks | critical |
| 144943 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Open vSwitch vulnerabilities (USN-4691-1) | Nessus | Ubuntu Local Security Checks | critical |
| 144765 | RHEL 7 : Red Hat Virtualization (RHSA-2021:0028) | Nessus | Red Hat Local Security Checks | critical |
| 144509 | RHEL 8 : OpenShift Container Platform 4.6.9 packages and (RHSA-2020:5615) | Nessus | Red Hat Local Security Checks | critical |
| 144405 | RHEL 8 : Red Hat Virtualization (RHSA-2020:5611) | Nessus | Red Hat Local Security Checks | critical |
| 86620 | FreeBSD : lldpd -- Buffer overflow/Denial of service (2a4a112a-7c1b-11e5-bd77-0800275369e2) | Nessus | FreeBSD Local Security Checks | critical |