In lldpd before 1.0.13, the sonmp_decode function can be made to perform an out-of-bounds heap read when it decodes a short SONMP packet.
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"174270931191069446119922332806983027230",
"328953425429319740967359908202123365019",
"148474301713841057780854757599060454972",
"303472043700785910045862048403819654472"
]
},
"target": {
"file": "src/daemon/protocols/sonmp.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7",
"id": "CVE-2021-43612-3f142231"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"123919934963719850177372057111646982388",
"85242646061938928223557171248857657613",
"290398165181504468760796425243008171327",
"73400390999848461393684333828551772347",
"66224003795423317515501178359389502228",
"263998930456032330990528442924748879102",
"134033607636796134223854940512835876482",
"150652448467631310759880651304122297814",
"75008514573464950100949670934350687236",
"121758378453464247567102532326677508342",
"99856463810497114028292624778359719239",
"91295583977985738032834828095236946141",
"121648892500187250039971799308710356741",
"284151098791119388058347318805540286132",
"42095772248954819309628834884020855252",
"182881045688165871448594777995178323541"
]
},
"target": {
"file": "tests/check_sonmp.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7",
"id": "CVE-2021-43612-be4181ed"
},
{
"digest": {
"length": 1710.0,
"function_hash": "8385375709133268312520587891129635825"
},
"target": {
"function": "START_TEST",
"file": "tests/check_sonmp.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7",
"id": "CVE-2021-43612-ce80cd72"
},
{
"digest": {
"length": 3756.0,
"function_hash": "31357405704987458856179538394491194529"
},
"target": {
"function": "sonmp_decode",
"file": "src/daemon/protocols/sonmp.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7",
"id": "CVE-2021-43612-f8222931"
}
]