Closed mend-for-github-com[bot] closed 1 year ago
:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #16
:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #16
Vulnerable Library - asuswrt-rt-ac86u386.45956
AsusWRT RT-AC86U router GPL source code
Library home page: https://github.com/blackfuel/asuswrt-rt-ac86u.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Vulnerable Source Files (3)
/release/src/router/lldpd-0.9.8/src/daemon/protocols/sonmp.h /release/src/router/lldpd-0.9.8/src/daemon/protocols/sonmp.h /release/src/router/lldpd-0.9.8/src/daemon/protocols/sonmp.h
Vulnerabilities
Details
CVE-2021-43612
### Vulnerable Library - asuswrt-rt-ac86u386.45956AsusWRT RT-AC86U router GPL source code
Library home page: https://github.com/blackfuel/asuswrt-rt-ac86u.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)/release/src/router/lldpd-0.9.8/src/daemon/protocols/sonmp.h /release/src/router/lldpd-0.9.8/src/daemon/protocols/sonmp.h /release/src/router/lldpd-0.9.8/src/daemon/protocols/sonmp.h
### Vulnerability DetailsIn lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.
Publish Date: 2023-04-15
URL: CVE-2021-43612
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://lldpd.github.io/security.html
Release Date: 2021-11-13
Fix Resolution: 1.0.13