CVE-2018-10932

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)

Published: Aug 21, 2018 / Updated: 62mo ago

No CVSS yet / EPSS 0.18%

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
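The defensive pattern this description calls for, as an added example (not lldpad's own code and not the upstream fix): escape every byte of a received buffer that is not printable ASCII before it reaches the terminal. The function name `escape_for_terminal` and the sample address are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical helper: copy `in` to `out`, replacing every byte outside
 * printable ASCII (0x20..0x7e), and the backslash itself, with \xNN so the
 * terminal never interprets received data. Returns the number of characters
 * written (excluding the NUL), or -1 if `out` is too small. */
int escape_for_terminal(const unsigned char *in, size_t len,
                        char *out, size_t outsz)
{
    size_t o = 0;

    if (outsz == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = in[i];
        int printable = (c >= 0x20 && c <= 0x7e && c != '\\');
        size_t need = printable ? 1 : 4;

        if (o + need + 1 > outsz)   /* keep room for the trailing NUL */
            return -1;
        if (printable) {
            out[o++] = (char)c;
        } else {
            snprintf(out + o, 5, "\\x%02x", c);
            o += 4;
        }
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample: address text followed by an ANSI control sequence. */
    const unsigned char sample[] = "10.0.0.5\033[2J";
    char safe[4 * sizeof sample + 1];   /* worst case: every byte escaped */

    if (escape_for_terminal(sample, sizeof sample - 1, safe, sizeof safe) < 0)
        return 1;
    printf("Management address: %s\n", safe);
    return 0;
}
```

Escaping the backslash as well keeps the output unambiguous, so a literal `\x1b` typed by a sender cannot be confused with an escaped control byte.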

Timeline

First Article

Feedly found the first article mentioning CVE-2018-10932.

Aug 21, 2018 at 7:54 PM / cve.mitre.org

EPSS

EPSS Score was set to: 0.18% (Percentile: 55.3%)

Oct 20, 2023 at 7:57 AM

Affected Systems

Intel/lldptool

Links to MITRE ATT&CK

T1070: Indicator Removal on Host

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

News

Fedora 27 : lldpad (2018-e9d1ec6dbc)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. The remote Fedora host is missing a security update.

RHEL 6 : lldpad (Unpatched Vulnerability)
Nessus Plugin ID 199219 with Medium Severity
Synopsis: The remote Red Hat 6 host is affected by a vulnerability that will not be patched.
Description: The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.
- lldptool: improper sanitization of shell-escape codes (CVE-2018-10932)
Note that Nessus has not tested for this issue but has instead relied on the package manager's report that the package is installed.
Solution: The vendor has acknowledged the vulnerability but no solution has been provided. Refer to the vendor for remediation guidance.
Read more at https://www.tenable.com/plugins/nessus/199219

redhat_unpatched lldpad: lldpad: Unpatched vulnerabilities
Released / Last Updated: 6/4/2024. CVEs: CVE-2018-10932. Plugins: 199219

Rocky Linux 8 : lldpad (RLSA-2019:3673)
- lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed.
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:3673 advisory.

AlmaLinux 8 : lldpad (ALSA-2019:3673)
Nessus Plugin ID 157693 with Medium Severity
Synopsis: The remote AlmaLinux host is missing a security update.
Description: The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2019:3673 advisory.
- lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal. (CVE-2018-10932)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution: Update the affected lldpad package.
Read more at https://www.tenable.com/plugins/nessus/157693

CVSS V3.1

Unknown
