
An lldpd security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue that could result in an out-of-bounds read on heap memory.



ELA-958-1 lldpd security update

Package : lldpd
Version : 0.9.6-1+deb9u2 (stretch)

Related CVEs :
CVE-2023-41910

Matteo Memelli discovered a flaw in lldpd, an implementation of the IEEE
802.1ab protocol. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES
TLVs, a malicious actor can remotely force the lldpd daemon to perform an
out-of-bounds read on heap memory.
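
The following added example (not lldpd's code or its patch) illustrates the bug class the advisory names: every length field inside a CDP Addresses TLV is checked against the bytes that remain before it is used. The TLV value layout, the names `take` and `cdp_parse_addresses`, and the sample bytes are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed value layout of a CDP Addresses TLV (big-endian; not from the advisory):
 * u32 count, then per entry: u8 proto_type, u8 proto_len, proto[proto_len],
 * u16 addr_len, addr[addr_len]. */
/* Consume n bytes from the cursor; NULL if fewer than n bytes remain. */
static const uint8_t *take(const uint8_t **p, size_t *left, size_t n) {
    const uint8_t *start = *p;
    if (n > *left)
        return NULL;
    *p += n;
    *left -= n;
    return start;
}

/* Copies up to max IPv4 addresses into out and returns how many were copied,
 * or -1 as soon as a length field points past the end of the TLV value. */
int cdp_parse_addresses(const uint8_t *val, size_t len, uint8_t out[][4], size_t max) {
    const uint8_t *hdr, *proto, *alen, *addr;
    size_t left = len, found = 0;
    uint32_t count, i;
    if ((hdr = take(&val, &left, 4)) == NULL)
        return -1;
    count = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
            ((uint32_t)hdr[2] << 8) | hdr[3];
    for (i = 0; i < count; i++) {
        if ((hdr = take(&val, &left, 2)) == NULL ||        /* proto_type, proto_len */
            (proto = take(&val, &left, hdr[1])) == NULL ||
            (alen = take(&val, &left, 2)) == NULL ||       /* addr_len */
            (addr = take(&val, &left, ((size_t)alen[0] << 8) | alen[1])) == NULL)
            return -1;
        /* Keep NLPID entries (type 1, protocol 0xCC) that carry a 4-byte address. */
        if (hdr[0] == 1 && hdr[1] == 1 && proto[0] == 0xCC &&
            alen[0] == 0 && alen[1] == 4 && found < max)
            memcpy(out[found++], addr, 4);
    }
    return (int)found;
}

/* Constructed samples: one valid IPv4 entry, then the same entry claiming 64 bytes. */
static const uint8_t cdp_ok[]  = {0, 0, 0, 1, 1, 1, 0xCC, 0, 4,    192, 0, 2, 1};
static const uint8_t cdp_bad[] = {0, 0, 0, 1, 1, 1, 0xCC, 0, 0x40, 192, 0, 2, 1};

int main(void) {
    uint8_t ip[1][4];
    printf("valid: %d\n", cdp_parse_addresses(cdp_ok, sizeof cdp_ok, ip, 1));
    printf("oversized addr_len: %d\n", cdp_parse_addresses(cdp_bad, sizeof cdp_bad, ip, 1));
    return 0;
}
```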
