FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lldpd -- Buffer overflow/Denial of service

Affected packages
0.5.6 <= lldpd < 0.7.19

Details

VuXML ID 2a4a112a-7c1b-11e5-bd77-0800275369e2
Discovery 2015-10-04
Entry 2015-10-26
Modified 2015-11-10

The lldpd developer Vincent Bernat reports:

A buffer overflow may allow arbitrary code execution only if hardening was disabled.

[source]

Malformed packets should not make lldpd crash. Ensure we can handle them by not using assert() in this part.

[source]

References

CVE Name CVE-2015-8011
CVE Name CVE-2015-8012
URL http://www.openwall.com/lists/oss-security/2015/10/30/2
URL https://github.com/vincentbernat/lldpd/raw/0.7.19/NEWS

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.