CVE Catalog

CVE-2026-46433

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

3th percentile - higher than 3% of all known CVEs

Summary

In lldpd prior to version 1.0.22, there is a bug in the lldpd_decode() function that leads to a heap buffer over-read. This issue arises from incorrect byte count calculation, which may result in memory violations.

Risk Assessment

Organizations may be exposed to attacks exploiting this bug, potentially leading to unauthorized memory access or system instability. Specifically, attackers could leverage this issue to read sensitive data.

Recommendation

It is recommended to update lldpd to version 1.0.22 or later to mitigate this vulnerability. Additionally, monitoring and auditing network configurations can help identify potential threats.

Original NVD description (English source)

lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove() to shift the frame payload 4 bytes left. The third argument (byte count) is s - 2 * ETHER_ADDR_LEN but should be s - 2 * ETHER_ADDR_LEN - 4, causing a 4-byte heap buffer over-read past the malloc(h_mtu) allocation when the received frame size equals the interface MTU. This issue has been patched in version 1.0.22.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS