CVE-2018-10932

MEDIUM

Intel Lldptool < 1.0.1 - Memory Corruption

Title source: rule

Description

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.

References (4)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1551623

[Third Party Advisory, VDB Entry] https://github.com/intel/openlldp/pull/7

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2019:3673

Scores

CVSS v3 4.3

EPSS 0.0007

EPSS Percentile 22.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-119 CWE-117

Status published

Products (1)

intel/lldptool < 1.0.1

Published Aug 21, 2018

Tracked Since Feb 18, 2026