Description:
The ipaddr-conflict subcommand of ltsudo (a SUID-root binary) copies its user-supplied interface-nameargument into a fixed 20-byte stack buffer with strcpy and no length check.
The issue has been reported as CVE-2026-55728.
Impact:
A loggin-in user may fill up the system log with ABORT messages.
Mitigation:
Upgrade to firmware version 8.4.18.

