An lldpd security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue that could result in an out-of-bounds read on heap memory.
ELA-958-1 lldpd security update
Package : lldpd
Version : 0.9.6-1+deb9u2 (stretch)
Related CVEs : CVE-2023-41910
Matteo Memelli discovered a flaw in lldpd, an implementation of the IEEE
802.1ab protocol. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES
TLVs, a malicious actor can remotely force the lldpd daemon to perform an
out-of-bounds read on heap memory.
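
As an added illustration (not lldpd's code and not the patch for CVE-2023-41910), the sketch below shows the length checking a parser for a CDP addresses TLV needs so that counts and lengths taken from the packet cannot drive reads past the received buffer. The field layout, the function and variable names, and the sample bytes are assumptions made for this example; the advisory does not describe them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Cursor over the TLV value; every read goes through take(). */
struct cur { const uint8_t *p; size_t left; };

/* Return a pointer to the next n bytes, or NULL if fewer than n remain. */
static const uint8_t *take(struct cur *c, size_t n) {
    if (n > c->left) return NULL;
    const uint8_t *r = c->p;
    c->p += n; c->left -= n;
    return r;
}

/*
 * Parse the value of an addresses TLV. Assumed layout, all big-endian:
 *   u32 count, then per entry: u8 proto_type, u8 proto_len, proto[proto_len],
 *   u16 addr_len, addr[addr_len].
 * Copies the first 4-byte address to out_ipv4.
 * Returns 1 if one was found, 0 if none, -1 if the TLV is truncated.
 */
int parse_addresses_tlv(const uint8_t *val, size_t len, uint8_t out_ipv4[4]) {
    struct cur c = { val, len };
    const uint8_t *b = take(&c, 4);
    if (!b) return -1;
    uint32_t count = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
                     ((uint32_t)b[2] << 8) | b[3];
    int found = 0;
    for (uint32_t i = 0; i < count; i++) {   /* count is untrusted input */
        const uint8_t *hdr = take(&c, 2);    /* proto_type, proto_len */
        if (!hdr) return -1;
        if (!take(&c, hdr[1])) return -1;    /* skip protocol bytes */
        const uint8_t *al = take(&c, 2);
        if (!al) return -1;
        size_t addr_len = ((size_t)al[0] << 8) | al[1];
        const uint8_t *addr = take(&c, addr_len);
        if (!addr) return -1;                /* addr_len exceeds what is left */
        if (!found && addr_len == 4) { memcpy(out_ipv4, addr, 4); found = 1; }
    }
    return found;
}

/* Constructed sample values: one complete entry, and one cut off mid-address. */
static const uint8_t sample_ok[]    = {0,0,0,1, 1,1,0xCC, 0,4, 0xC0,0x00,0x02,0x01};
static const uint8_t sample_short[] = {0,0,0,1, 1,1,0xCC, 0,4, 0xC0,0x00};

int main(void) {
    uint8_t ip[4];
    return !(parse_addresses_tlv(sample_ok, sizeof sample_ok, ip) == 1 &&
             parse_addresses_tlv(sample_short, sizeof sample_short, ip) == -1);
}
```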