PublicDateAtUSN: 2020-01-28 19:15:00 UTC
Candidate: CVE-2015-8011
PublicDate: 2020-01-28 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8011
 https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
 http://www.openwall.com/lists/oss-security/2015/10/16/2
 https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000268.html
 https://ubuntu.com/security/notices/USN-4691-1
Description:
 Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in
 lldpd before 0.8.0 allows remote attackers to cause a denial of service
 (daemon crash) and possibly execute arbitrary code via vectors involving
 large management addresses and TLV boundaries.
Ubuntu-Description:
Notes:
 sbeattie> introduced in 0.5.6
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_lldpd:
 upstream: https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
upstream_lldpd: released (0.7.19-1)
precise_lldpd: ignored (reached end-of-life)
precise/esm_lldpd: DNE (precise was needs-triage)
trusty_lldpd: ignored (reached end-of-life)
trusty/esm_lldpd: DNE (trusty was needed)
vivid_lldpd: ignored (reached end-of-life)
vivid/stable-phone-overlay_lldpd: DNE
vivid/ubuntu-core_lldpd: DNE
wily_lldpd: ignored (reached end-of-life)
xenial_lldpd: not-affected (0.7.19-1)
yakkety_lldpd: not-affected (0.7.19-1)
zesty_lldpd: not-affected (0.7.19-1)
artful_lldpd: not-affected (0.7.19-1)
bionic_lldpd: not-affected (0.7.19-1)
cosmic_lldpd: not-affected (0.7.19-1)
disco_lldpd: not-affected (0.7.19-1)
focal_lldpd: not-affected (0.7.19-1)
groovy_lldpd: not-affected (0.7.19-1)
devel_lldpd: not-affected (0.7.19-1)

Patches_openvswitch:
upstream_openvswitch: needs-triage
precise/esm_openvswitch: DNE
trusty_openvswitch: ignored (out of standard support)
trusty/esm_openvswitch: DNE
xenial_openvswitch: released (2.5.9-0ubuntu0.16.04.2)
esm-infra/xenial_openvswitch: released (2.5.9-0ubuntu0.16.04.2)
bionic_openvswitch: released (2.9.7-0ubuntu0.18.04.2)
focal_openvswitch: released (2.13.1-0ubuntu0.20.04.3)
groovy_openvswitch: released (2.13.1-0ubuntu1.2)
devel_openvswitch: released (2.15.0-0ubuntu1)