From: Vincent Bernat Date: Wed, 13 Jan 2021 18:11:57 +0000 (+0100) Subject: security: enhance description X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fcf94eb044c3aef8ea2b09e0e6eef5464abbe1f6;p=thirdparty%2Flldpd.git security: enhance description --- diff --git a/content/security.html b/content/security.html index 5deb73ae..e745a9a9 100644 --- a/content/security.html +++ b/content/security.html @@ -10,11 +10,12 @@ directly. # Past vulnerabilities * [CVE-2020-27827][]: memory exhaustion attack through crafted LLDPU - with some duplicate TLVs. A remote device can send LLDPU with a - duplicate port description, system name, or system description TLV. - The vulnerability does not allow arbitrary code execution. This bug - is present since the initial release. It has been fixed in commit - [a8d3c90f][] and in version 1.0.8. + with duplicate TLVs. A remote device can send LLDPU with a + duplicate port description, system name, or system description TLV + and trigger a memory leak. The vulnerability does not allow + arbitrary code execution. This bug is present since the initial + release. It has been fixed in commit [a8d3c90f][] and in version + 1.0.8. * [CVE-2015-8011][]: buffer overflow when handling management address TLV for LLDP. When a remote device was advertising a too large
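Review bot: In the reworded CVE-2020-27827 entry, both added occurrences of "LLDPU" ("crafted LLDPU" and "can send LLDPU") look like a misspelling of LLDPDU, the usual name for the LLDP data unit. Since these lines are being rewritten anyway, consider correcting them here. The entry now links "memory exhaustion attack" to "trigger a memory leak" but does not say whether the leak occurs on every received frame carrying a duplicate TLV; one clause on that would let a reader see how the leak leads to exhaustion. Minor wording: "This bug is present since the initial release" reads better as "has been present since the initial release".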