Debian Security Advisory

DLA-3389-1 lldpd -- LTS security update

Date Reported:
10 Apr 2023
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2020-27827, CVE-2021-43612.
More information:

It was discovered that there were two potential denial of service (DoS) attacks in lldpd, a implementation of the IEEE 802.1ab (LLDP) protocol used to administer and monitor networking devices.

  • CVE-2020-27827

    A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

  • CVE-2021-43612

    crash in SONMP decoder

For Debian 10 Buster, these problems have been fixed in version 1.0.3-1+deb10u1.

We recommend that you upgrade your lldpd packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: