7.5

CVE-2015-8012

lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lldpd ProjectLldpd Version < 0.8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3% 0.856
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

http://www.openwall.com/lists/oss-security/2015/10/30/2
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2015/10/18/2
Patch
Third Party Advisory
Mailing List
https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
Patch
Third Party Advisory
https://github.com/vincentbernat/lldpd/commit/9221b5c249f9e4843f77c7f888d5705348d179c0
Patch
Third Party Advisory