lldpd: fix CVE-2023-41910 and CVE-2021-43612 for kirkstone (CVE-Score 9.8 and 7.5) #815

Open
wants to merge 4 commits into
base: kirkstone

electroScorpion

Apply changes to match fix from lldpd-Repository commit

More information about issue:

Suggested-by: Vincent Bernat (vincent@bernat.ch)

Apply changes to match fix of lldpd/lldpd@a9aeabd

More information about issue:
- https://nvd.nist.gov/vuln/detail/CVE-2023-41910

Suggested-by: Vincent Bernat (vincent@bernat.ch)
Signed-off-by: Georg Gebauer <georg.gebauer@zeiss.com>
@electroScorpion electroScorpion changed the title lldpd: fix CVE-2023-41910 for kirkstone lldpd: fix CVE-2023-41910 and CVE-2021-43612 for kirkstone (CVE-Score 9.8 and 7.5) Apr 26, 2024
By sending short SONMP packets, an attacker can make the decoder crash
by reading too much data on the heap. SONMP packets are fixed in size,
just ensure we get enough bytes to contain a SONMP packet.

References:
* lldpd/lldpd@73d4268
* https://nvd.nist.gov/vuln/detail/CVE-2021-43612

Suggested-by: Vincent Bernat (vincent@bernat.ch)
CVE: CVE-2021-43612

Signed-off-by: Georg Gebauer <georg.gebauer@zeiss.com>
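
The length check that commit message describes, as an added example that is not part of this pull request or of lldpd's code. The field layout, `decode_fixed` and the `demo_*` helpers are constructed for illustration and are not lldpd's SONMP decoder.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed-size payload layout, constructed for this example;
 * it is not lldpd's SONMP structure. */
#define ETH_HDR_LEN   14u  /* dst MAC + src MAC + length/type */
#define PAYLOAD_LEN   11u  /* 4-byte address + 3-byte segment + 4 one-byte fields */
#define MIN_FRAME_LEN (ETH_HDR_LEN + PAYLOAD_LEN)

struct fixed_msg {
    uint8_t addr[4];
    uint8_t segment[3];
    uint8_t chassis, backplane, state, links;
};

/* Returns 0 on success, -1 if the frame cannot hold the whole payload. */
int decode_fixed(const uint8_t *frame, size_t length, struct fixed_msg *out)
{
    /* Validate the total length once, before any field is read. */
    if (frame == NULL || out == NULL || length < MIN_FRAME_LEN)
        return -1;

    const uint8_t *p = frame + ETH_HDR_LEN;
    memcpy(out->addr, p, sizeof(out->addr));       p += sizeof(out->addr);
    memcpy(out->segment, p, sizeof(out->segment)); p += sizeof(out->segment);
    out->chassis   = *p++;
    out->backplane = *p++;
    out->state     = *p++;
    out->links     = *p++;
    return 0;
}

/* Constructed inputs: a full-size frame decodes, a frame one byte short is rejected. */
int demo_full(void)
{
    uint8_t frame[MIN_FRAME_LEN] = {0};
    struct fixed_msg m;
    frame[ETH_HDR_LEN] = 192; frame[MIN_FRAME_LEN - 1] = 2;
    return decode_fixed(frame, sizeof(frame), &m) == 0 && m.addr[0] == 192 && m.links == 2;
}

int demo_short(void)
{
    uint8_t frame[MIN_FRAME_LEN - 1] = {0};
    struct fixed_msg m;
    return decode_fixed(frame, sizeof(frame), &m);
}
```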

electroScorpion commented May 24, 2024

Hi @akuster and @kraj, what about this topic? Do you plan to include these security fixes?
