Bug 2237411 (CVE-2023-41910)

Summary: CVE-2023-41910 lldpd: CDP PDU Packet cdp.c out-of-bounds read
Product: [Other] Security Response Reporter: Avinash Hanwate <ahanwate>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: lldpd 1.0.17 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in lldpd due to an out-of-bounds read in cdp_decode at daemon/protocols/cdp.c. By sending a specially crafted CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a remote attacker could cause a denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2240980, 2240981    
Bug Blocks: 2237414    

Description Avinash Hanwate 2023-09-05 12:02:11 UTC 
An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c.

https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b
https://github.com/lldpd/lldpd/releases/tag/1.0.17
Comment 2 Marian Rehak 2023-09-27 14:20:39 UTC 
Created lldpd tracking bugs for this issue:

Affects: epel-all [bug 2240980]
Affects: fedora-all [bug 2240981]
Comment 5 errata-xmlrpc 2024-11-12 09:00:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9158 https://access.redhat.com/errata/RHSA-2024:9158