CVE-2018-10932 Information

Description

lldptool version 1.0.1 and older can print a raw, unsanitized, attacker-controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

https://access.redhat.com/errata/RHSA-2019:3673
https://access.redhat.com/security/cve/cve-2018-10932
https://bugzilla.redhat.com/show_bug.cgi?id=1551623
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932
https://exchange.xforce.ibmcloud.com/vulnerabilities/148721
https://github.com/intel/openlldp/pull/7

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.3

Base Severity

MEDIUM
