Main Vulnerability Database Vulnerabilities #VU49911

Reachable Assertion in lldpd - CVE-2015-8012

Published: January 28, 2020 / Updated: January 21, 2021

Vulnerability identifier: #VU49911

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-8012

CWE-ID: CWE-617

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: vincentbernat (Vincent Bernat)

Affected software:
lldpd

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in lldpd. A remote attacker can send specially crafted traffic to the system and perform a denial of service (DoS) attack.

How to mitigate CVE-2015-8012

Install updates from vendor's website.

Sources

http://www.openwall.com/lists/oss-security/2015/10/18/2
http://www.openwall.com/lists/oss-security/2015/10/30/2
https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
https://github.com/vincentbernat/lldpd/commit/9221b5c249f9e4843f77c7f888d5705348d179c0

Reachable Assertion in lldpd - CVE-2015-8012

Detailed vulnerability description

How to mitigate CVE-2015-8012

Sources

Please verify you're human