CyberSec.Space Logo
Back to CVE Browser

CVE-2026-46433

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0300%
EPSS Percentile17.91th
PublishedJun 9, 2026
Last ModifiedJun 11, 2026

Vulnerability Description

lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove() to shift the frame payload 4 bytes left. The third argument (byte count) is s - 2 * ETHER_ADDR_LEN but should be s - 2 * ETHER_ADDR_LEN - 4, causing a 4-byte heap buffer over-read past the malloc(h_mtu) allocation when the received frame size equals the interface MTU. This issue has been patched in version 1.0.22.

Affected Platforms (CPE)

πŸ“¦
Lldpd Project

Lldpd

< 1.0.22

References & Advisories

πŸ”— https://github.com/lldpd/lldpd/commit/ca931be63a9cae0fcd8e9b6ae4e916d49f141cd6
πŸ”— https://github.com/lldpd/lldpd/pull/787
πŸ”— https://github.com/lldpd/lldpd/releases/tag/1.0.22
πŸ”— https://github.com/lldpd/lldpd/security/advisories/GHSA-2g8p-2h3j-63m3

Related Vulnerabilities

CVE-2015-80119.8

Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a de...

CVE-2021-436127.5

In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap r...

CVE-2015-80127.5

lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packe...

CVE-2020-16416.5

A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading ...