Improper Output Neutralization for Logs
CVE-2018-10932
Summary
lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
- LOW
- ADJACENT_NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-117 - Improper Output Neutralization for Logs
The software does not neutralize or incorrectly neutralizes output that is written to logs.
References
Advisory Timeline
- Published