Aggregates CVE and security vulnerability intelligence across all lldpd_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and vendor risk memory corruption and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-41910 | An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. | [email protected] | 9.8 | 0.15% | 2023-09-05 | 2024-11-21 |
| CVE-2021-43612 | In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. | [email protected] | 7.5 | 0.21% | 2023-04-15 | 2025-02-06 |
| CVE-2020-27827 | A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | [email protected] | 7.5 | 0.50% | 2021-03-18 | 2025-12-03 |
| CVE-2015-8012 | lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet. | [email protected] | 7.5 | 0.73% | 2020-01-28 | 2024-11-21 |
| CVE-2015-8011 | Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. | [email protected] | 9.8 | 5.56% | 2020-01-28 | 2024-11-21 |