CVE-2018-10932

Description

lldptool version 1.0.1 and older can print a raw, unsanitized, attacker-controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and affect the behavior of the terminal.

Risk Information

Base Score: 4.3 (MODERATE)
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score (Exploitation Probability): 0.074

Associated Vulnerability

Vulnerability | OS Platform
(RHSA-2019:3673) lldpad security and bug fix update lldpad-1.0.1-13.git036e314.el8.i686.rpm | Linux
(RHSA-2019:3673) lldpad security and bug fix update lldpad-1.0.1-13.git036e314.el8.x86_64.rpm | Linux
(RHSA-2019:3673) lldpad security and bug fix update lldpad-debugsource-1.0.1-13.git036e314.el8.i686.rpm | Linux
(RHSA-2019:3673) lldpad security and bug fix update lldpad-debugsource-1.0.1-13.git036e314.el8.x86_64.rpm | Linux
(CESA-2019:3673) lldpad security and bug fix update lldpad-1.0.1-13.git036e314.el8.i686.rpm | Linux
(CESA-2019:3673) lldpad security and bug fix update lldpad-1.0.1-13.git036e314.el8.x86_64.rpm | Linux
SUSE-SU-2021:3520-1 (SUSE Linux Enterprise Server 12-SP5) liblldp_clif1-0.9.46-7.3.1.x86_64.rpm | Linux
SUSE-SU-2021:3520-1 (SUSE Linux Enterprise Server 12-SP5) liblldp_clif1-debuginfo-0.9.46-7.3.1.x86_64.rpm | Linux
SUSE-SU-2021:3520-1 (SUSE Linux Enterprise Server 12-SP5) open-lldp-0.9.46-7.3.1.x86_64.rpm | Linux
SUSE-SU-2021:3520-1 (SUSE Linux Enterprise Server 12-SP5) open-lldp-debuginfo-0.9.46-7.3.1.x86_64.rpm | Linux
SUSE-SU-2021:3520-1 (SUSE Linux Enterprise Server 12-SP5) open-lldp-debugsource-0.9.46-7.3.1.x86_64.rpm | Linux
(RHSA-2019:3673) Low: security and bug fix update lldpad-debuginfo-1.0.1-13.git036e314.el8.i686.rpm | Linux
(RHSA-2019:3673) Low: security and bug fix update lldpad-debuginfo-1.0.1-13.git036e314.el8.x86_64.rpm | Linux
Lldpad update (ELSA-2019-3673) lldpad-1.0.1-13.git036e314.el8.i686.rpm | Linux
Lldpad update (ELSA-2019-3673) lldpad-1.0.1-13.git036e314.el8.x86_64.rpm | Linux
lldpad Security Update (ALAS-2021-1637) lldpad-1.0.1-5.git036e314.amzn2.0.1.i686.rpm | Linux
lldpad Security Update (ALAS-2021-1637) lldpad-1.0.1-5.git036e314.amzn2.0.1.x86_64.rpm | Linux
lldpad Security Update (ALAS-2021-1637) lldpad-devel-1.0.1-5.git036e314.amzn2.0.1.x86_64.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234