Re: Rule #1 -- Beware of home made protocols
If you read the advisories, it turns out it is different TLV fields in different products. So not a protocol issue, just one parsing long messages, and probably missed size checks when copying fields across into structures. Likely to be different code bases for each product which is why these are all different.
CVE-2020-3110 heap overflow in the parsing of DeviceID type-length-value (TLV)
CVE-2020-3111 stack overflow in the parsing of PortID type-length-value (TLV)
CVE-2020-3118 improper validation of string input from certain fields within a CDP message that could lead to a stack overflow
CVE-2020-3119 stack buffer overflow and arbitrary write in the parsing of Power over Ethernet (PoE) type-length-value
CVE-2020-3120 resource exhaustion DoS