CVE-2023-41910: daemon: fix read overflow when parsing CDP addresses · lldpd/lldpd@a9aeabd

Skip to content

• • Actions

    Automate any workflow

  • Packages

    Host and manage packages

  • Security

    Find and fix vulnerabilities

  • Codespaces

    Instant dev environments

  • Copilot

    Write better code with AI

  • Code review

    Manage code changes

  • Issues

    Plan and track work

  • Discussions

    Collaborate outside of code

• • GitHub Sponsors

    Fund open source developers

*   The ReadME Project
    
    GitHub community articles

• Pricing

Search code, repositories, users, issues, pull requests…

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

• Notifications

• Fork 173

• Code

• Issues 33

• Pull requests 10

• Discussions

• Actions

• Projects

• Wiki

• Security

• Insights

Commit

Permalink

Browse files

Browse the repository at this point in the history

daemon: fix read overflow when parsing CDP addresses

• Loading branch information

Showing 2 changed files with 5 additions and 0 deletions.

• NEWS
• • cdp.c

4 changes: 4 additions & 0 deletions NEWS

@@ -1,3 +1,7 @@

lldpd (1.0.17)

* Fix:

+ Read overflow when parsing CDP addresses. Thanks to Matteo Memelli.

lldpd (1.0.16)

* Fix:

+ Do not use 00:00:00:00:00:00 as chassis ID.

Expand Down

1 change: 1 addition & 0 deletions src/daemon/protocols/cdp.c

Expand Up

@@ -466,6 +466,7 @@ cdp_decode(struct lldpd *cfg, char *frame, int s, struct lldpd_hardware *hardwar

goto malformed;

}

PEEK_DISCARD(address_len);

addresses_len -= address_len;

(void)PEEK_SAVE(pos_next_address);

/* Next, we go back and try to extract

IPv4 address */

Expand Down

0 comments on commit a9aeabd

Please sign in to comment.