{
  "threat_severity" : "Moderate",
  "public_date" : "2021-11-18T00:00:00Z",
  "bugzilla" : {
    "description" : "lldpd: out-of-bounds read when decoding SONMP packets",
    "id" : "2040388",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2040388"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-125",
  "details" : [ "In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.", "An out-of-bounds read vulnerability is present in lldpd. An attacker on the same network as the vulnerable system may use this vulnerability to leak memory data from the application or crash it by sending SONMP packets shorter than expected." ],
  "statement" : "The Impact of this flaw has been set to Moderate, as it generally results in a leak of data or, in some particular circumstances, in a crash of the application. Moreover, it requires an attacker to be adjacent to the vulnerable system.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9158",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "lldpd-0:1.0.18-4.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "lldpd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-43612\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43612" ],
  "name" : "CVE-2021-43612",
  "csaw" : false
}