CVE-2018-10932
4.3
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Intel | lldptool | 1.0.1 and older | affected |
Weaknesses
- CWE-117: CWE-117
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932
- https://bugzilla.redhat.com/show_bug.cgi?id=1551623
- https://github.com/intel/openlldp/pull/7
- https://access.redhat.com/errata/RHSA-2019:3673
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932
- https://bugzilla.redhat.com/show_bug.cgi?id=1551623
- https://github.com/intel/openlldp/pull/7
- https://access.redhat.com/errata/RHSA-2019:3673
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.