CVE-2021-43612: 
NixOS vulnerability analysis and mitigation

CVE-2021-43612 is a vulnerability discovered in lldpd versions before 1.0.13, affecting the SONMP packet decoding functionality. The vulnerability was identified in the sonmp_decode function, where an out-of-bounds heap read could be triggered through short SONMP packets (NVD, LLDPD Security). The vulnerability was discovered by Jeremy Galindo and was fixed in version 1.0.13.

The vulnerability is classified as an out-of-bounds heap read vulnerability with a CVSS v3.1 Base Score of 7.5 (HIGH), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue occurs specifically in the sonmp_decode function when processing SONMP packets that are shorter than expected, potentially leading to reading beyond allocated memory boundaries (NVD).

While the vulnerability affects the parser which runs in an unprivileged and chrooted process, it can lead to a system crash. Importantly, according to the security advisory, this vulnerability does not allow arbitrary code execution (LLDPD Security).

The vulnerability was fixed in lldpd version 1.0.13 through commit 73d42680. Users are advised to upgrade to version 1.0.13 or later to address this security issue. The fix has been backported to various distributions, including Fedora 36, 37, and 38 through version 1.0.16-1 (LLDPD Security, Fedora Update).