CVE-2026-46433
Analyzed Analyzed - Analysis Complete

Heap Buffer Over-Read in lldpd

Publication date: 2026-06-09

Last updated on: 2026-06-11

Assigner: GitHub, Inc.

Description
lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove() to shift the frame payload 4 bytes left. The third argument (byte count) is s - 2 * ETHER_ADDR_LEN but should be s - 2 * ETHER_ADDR_LEN - 4, causing a 4-byte heap buffer over-read past the malloc(h_mtu) allocation when the received frame size equals the interface MTU. This issue has been patched in version 1.0.22.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-11
Generated
2026-06-30
AI Q&A
2026-06-10
EPSS Evaluated
2026-06-28
NVD
CVE-2026-46433

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
lldpd_project lldpd to 1.0.22 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in lldpd, an implementation of the IEEE 802.1ab (LLDP) protocol. Before version 1.0.22, the function lldpd_decode() incorrectly handles 802.1Q VLAN tags in received Ethernet frames. Specifically, it uses memmove() to shift the frame payload 4 bytes to the left but calculates the byte count incorrectly. Instead of subtracting 4 bytes for the VLAN tag, it does not, which causes a 4-byte heap buffer over-read beyond the allocated memory when the received frame size equals the interface MTU.

This issue was fixed in version 1.0.22 of lldpd.

Impact Analysis

The vulnerability can cause a heap buffer over-read, which may lead to application crashes or undefined behavior. According to the CVSS score (6.5), the impact is primarily on availability (A:H), meaning it can cause denial of service by crashing the lldpd process. There is no direct impact on confidentiality or integrity.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade lldpd to version 1.0.22 or later, where the issue has been patched.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46433. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart