CVE-2018-10932

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.

Published : 2018-08-21 18:29 Updated : 2019-10-09 23:33

3.3
CVSS Score More info
Score 3.3 / 10
3.3
Vendor Product Version URI
Intel Lldptool 1.0.1 cpe:/a:intel:lldptool:1.0.1
  1. Intel (1) Search CVE
    1. Lldptool (1) Search CVE
      1. 1.0.1

CWE

ID Name Description Links
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. CVE

History of changes

Date Event
2018-10-23 14:58
2018-08-21 18:29

New CVE