CVE-2018-10932

MEDIUM

Intel Lldptool < 1.0.1 - Memory Corruption

Title source: rule

Description

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.

References (4)

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2019:3673

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1551623

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932

[Third Party Advisory, VDB Entry] https://github.com/intel/openlldp/pull/7

Scores

CVSS v3 4.3

EPSS 0.0007

EPSS Percentile 22.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-119 CWE-117

Status published

Affected Products (1)

intel/lldptool < 1.0.1

Timeline

Published Aug 21, 2018

Tracked Since Feb 18, 2026