MEDIUM
lldpd
CVE published 2026-06-09
CVE-2026-46433
CVE-2026-46433 is a MEDIUM severity vulnerability in lldpd prior to version 1.0.22. The lldpd_decode() function has a heap buffer over-read issue. The function strips 802.1Q VLAN tags from received Ethernet frames by calling memmove() to shift the frame payload 4 bytes left. However, the third argument (byte count) is incorrectly calculated as s - 2 * ETHER_ADDR_LEN instead of s - 2 * ETHER_ADDR_LEN - 4. [truncated]
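The length arithmetic described above, as an added C example that is not lldpd's code: `overread_bytes()` shows how far each of the two byte counts reaches past the end of the frame, and the hypothetical `strip_vlan_tag()` helper strips a tag with the corrected count. The source and destination offsets (tag directly after the two MAC addresses) and the sample frame are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_ADDR_LEN 6
#define VLAN_TAG_LEN   4                     /* TPID (2) + TCI (2) */
#define TAG_OFF        (2 * ETHER_ADDR_LEN)  /* tag follows dst + src MAC */

/* Bytes read past the end of an s-byte frame when `count` bytes are
 * copied starting just after the tag (assumed source offset). */
size_t overread_bytes(size_t s, size_t count)
{
    size_t src_end = TAG_OFF + VLAN_TAG_LEN + count;
    return src_end > s ? src_end - s : 0;
}

/* Hypothetical helper: strip one 802.1Q tag in place.
 * Returns the new length, s unchanged if untagged, 0 if malformed. */
size_t strip_vlan_tag(uint8_t *frame, size_t s)
{
    if (s < TAG_OFF + 2)
        return 0;                            /* no EtherType field */
    if (frame[TAG_OFF] != 0x81 || frame[TAG_OFF + 1] != 0x00)
        return s;                            /* TPID is not 0x8100 */
    if (s < TAG_OFF + VLAN_TAG_LEN + 2)
        return 0;                            /* tag or inner EtherType cut off */
    /* Count excludes both MAC addresses AND the 4 tag bytes. */
    memmove(frame + TAG_OFF, frame + TAG_OFF + VLAN_TAG_LEN,
            s - TAG_OFF - VLAN_TAG_LEN);
    return s - VLAN_TAG_LEN;
}

int main(void)
{
    /* Constructed sample: 64-byte frame, VLAN 10, inner EtherType 0x88cc. */
    uint8_t f[64] = {0};
    f[12] = 0x81; f[13] = 0x00; f[14] = 0x00; f[15] = 0x0a;
    f[16] = 0x88; f[17] = 0xcc;
    size_t s = sizeof f;
    printf("count s-2*ETHER_ADDR_LEN   : %zu bytes past end\n",
           overread_bytes(s, s - 2 * ETHER_ADDR_LEN));
    printf("count s-2*ETHER_ADDR_LEN-4 : %zu bytes past end\n",
           overread_bytes(s, s - 2 * ETHER_ADDR_LEN - 4));
    size_t n = strip_vlan_tag(f, s);
    printf("stripped length: %zu, EtherType now %02x%02x\n", n, f[12], f[13]);
    return 0;
}
```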