---

CVE-2020-27827 - log back

CVE-2020-27827 edited at 14 Jan 2021 21:54:20

References

https://github.com/lldpd/lldpd/blob/master/NEWS + https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61 https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html https://github.com/openvswitch/ovs/pull/337 - https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61 + https://github.com/openvswitch/ovs/commit/f915f32f5667e3b9d460055d8b47fa5d204ce83a

CVE-2020-27827 edited at 14 Jan 2021 21:46:22
References	https://github.com/lldpd/lldpd/blob/master/NEWS + https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html https://github.com/openvswitch/ovs/pull/337 https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61

CVE-2020-27827 edited at 14 Jan 2021 08:44:42
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Information disclosure
Description	+ A security issue was found in lldpd before version 1.0.8. A packet that contains multiple instances of certain TLVs will cause lldpd to continually allocate memory and leak the old memory. As an example, multiple instances of system name TLV will cause old values to be dropped by the decoding routine.
References	+ https://github.com/lldpd/lldpd/blob/master/NEWS + https://github.com/openvswitch/ovs/pull/337 + https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
Notes

CVE-2020-27827 created at 14 Jan 2021 08:41:54