CVE-2018-10932

Name: CVE-2018-10932
Description: lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 905901

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| lldpad (PTS) | stretch | 0.9.46-3.1 | vulnerable |
| | buster | 1.0.1+git20180808.4e642bd-1 | fixed |
| | bullseye | 1.1-1 | fixed |
| | bookworm | 1.1+git20221028.aa18720-1 | fixed |
| | sid, trixie | 1.1.1-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| lldpad | source | (unstable) | 1.0.1+git20180808.4e642bd-1 | unimportant | | 905901 |

Notes

https://github.com/intel/openlldp/pull/7
https://github.com/intel/openlldp/commit/41feb359a9d0082b0bcf68b1f2b37227f02af4f1
Terminal emulators need to perform proper escaping
