CVE-2018-10932

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may…

redhat·CWE-117·Published 2018-08-21

CVSS

—

EPSS

0.01

KEV

Exploits

cve.orgen

246 chars

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.

NVDen

246 chars

NVDes

285 chars

lldptool en versiones 1.0.1 y anteriores pueden imprimir un búfer en bruto, no saneado y controlado por el atacante cuando se muestra la información de mngAddr. Esto puede permitir a un atacante inyectar caracteres de control shell en el búfer y afectar al comportamiento del terminal.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:P/A:N
3.0	Primary	cve.org	4.3	—	—	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N