CVE-2018-10932

medium

Description

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.

References

Advisories

https://github.com/intel/openlldp/pull/7

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932

https://bugzilla.redhat.com/show_bug.cgi?id=1551623

https://access.redhat.com/errata/RHSA-2019:3673

Details

Source: Mitre, NVD

Published: 2018-08-21

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00114

Detections

Analytics