CVE-2020-27827 - log back

CVE-2020-27827 edited at 14 Jan 2021 21:54:20
References
https://github.com/lldpd/lldpd/blob/master/NEWS
+ https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html
https://github.com/openvswitch/ovs/pull/337
- https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
+ https://github.com/openvswitch/ovs/commit/f915f32f5667e3b9d460055d8b47fa5d204ce83a
CVE-2020-27827 edited at 14 Jan 2021 21:46:22
References
https://github.com/lldpd/lldpd/blob/master/NEWS
+ https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html
https://github.com/openvswitch/ovs/pull/337
https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
CVE-2020-27827 edited at 14 Jan 2021 08:44:42
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A security issue was found in lldpd before version 1.0.8. A packet that contains multiple instances of certain TLVs will cause lldpd to continually allocate memory and leak the old memory. As an example, multiple instances of system name TLV will cause old values to be dropped by the decoding routine.
References
+ https://github.com/lldpd/lldpd/blob/master/NEWS
+ https://github.com/openvswitch/ovs/pull/337
+ https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
Notes
CVE-2020-27827 created at 14 Jan 2021 08:41:54