Skip to content

lldpd: fix CVE-2023-41910 and CVE-2021-43612 for kirkstone (CVE-Score 9.8 and 7.5) #815

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
electroScorpion wants to merge 6 commits into
base: kirkstone
Choose a base branch
from
Open

lldpd: fix CVE-2023-41910 and CVE-2021-43612 for kirkstone (CVE-Score 9.8 and 7.5) #815

electroScorpion wants to merge 6 commits into from

Conversation

@electroScorpion
Copy link

@electroScorpion electroScorpion commented Apr 25, 2024

Apply changes to match fix from lldpd-Repository commit

More information about issue:

Suggested-by: Vincent Bernat (vincent@bernat.ch)

@GeorgGebauer-CZ
lldpd: fix CVE-2023-41910 for kirkstone
cecb7c4 
Apply changes to match fix of lldpd/lldpd@a9aeabd

More information about issue:
- https://nvd.nist.gov/vuln/detail/CVE-2023-41910

Suggested-by: Vincent Bernat (vincent@bernat.ch)
Signed-off-by: Georg Gebauer <georg.gebauer@zeiss.com>
@electroScorpion electroScorpion changed the title lldpd: fix CVE-2023-41910 for kirkstone lldpd: fix CVE-2023-41910 and CVE-2021-43612 for kirkstone (CVE-Score 9.8 and 7.5) Apr 26, 2024
@GeorgGebauer-CZ
lldpd: Fix CVE-2021-43612 heap overflow when reading SONMP packages
5e1dec4 
By sending short SONMP packets, an attacker can make the decoder crash
by reading too much data on the heap. SONMP packets are fixed in size,
just ensure we get the enough bytes to contain a SONMP packet.

References:
* lldpd/lldpd@73d4268
* https://nvd.nist.gov/vuln/detail/CVE-2021-43612

Suggested-by: Vincent Bernat (vincent@bernat.ch)
CVE: CVE-2021-43612

Signed-off-by: Georg Gebauer <georg.gebauer@zeiss.com>
@electroScorpion
Copy link
Author

electroScorpion commented May 24, 2024
edited
Loading

Hi @akuster and @kraj what is about this topic? Do you plan to include this security fixes?

@electroScorpion
Copy link
Author

electroScorpion commented Mar 18, 2025

@kraj and @akuster i have resolved the conflicts. between the branches. Can you please look over it and merge it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@akuster akuster

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@electroScorpion @akuster @GeorgGebauer-CZ