Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0781
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 20.4R3-S7-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R2-EVO et 24.2R1-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 20.4R3-S9, 21.2R3-S6, 21.2R3-S7, 21.2R3-S8, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 21.4R3-S7, 22.1R3-S3, 22.1R3-S4, 22.1R3-S5, 22.2R3-S2, 22.2R3-S3, 22.2R3-S4, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.3R3-S3, 22.4R2-S2, 22.4R3, 22.4R3-S2, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.4R1, 23.4R1-S1, 23.4R2 et 24.2R1 | ||
| Juniper Networks | BBE Cloud Setup | BBE Cloudsetup versions antérieures à 2.1.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S7-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R2-EVO et 24.2R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 20.4R3-S9, 21.2R3-S6, 21.2R3-S7, 21.2R3-S8, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 21.4R3-S7, 22.1R3-S3, 22.1R3-S4, 22.1R3-S5, 22.2R3-S2, 22.2R3-S3, 22.2R3-S4, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.3R3-S3, 22.4R2-S2, 22.4R3, 22.4R3-S2, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.4R1, 23.4R1-S1, 23.4R2 et 24.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "BBE Cloudsetup versions ant\u00e9rieures \u00e0 2.1.0",
"product": {
"name": "BBE Cloud Setup",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2024-21618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21618"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2024-39524",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39524"
},
{
"name": "CVE-2020-15861",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15861"
},
{
"name": "CVE-2015-5621",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2014-2310",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2310"
},
{
"name": "CVE-2024-39523",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39523"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2020-15862",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15862"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2019-20892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20892"
},
{
"name": "CVE-2022-4886",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4886"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2022-23525",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23525"
},
{
"name": "CVE-2007-5846",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2024-21605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21605"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2022-23524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23524"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2015-8100",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8100"
},
{
"name": "CVE-2024-21615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21615"
},
{
"name": "CVE-2021-25746",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25746"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2008-6123",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6123"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2021-25748",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25748"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2023-33953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33953"
},
{
"name": "CVE-2022-23526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23526"
},
{
"name": "CVE-2014-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2285"
},
{
"name": "CVE-2024-21609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21609"
},
{
"name": "CVE-2024-39522",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39522"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-32732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
},
{
"name": "CVE-2024-39517",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39517"
},
{
"name": "CVE-2023-4785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4785"
},
{
"name": "CVE-2012-6151",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
},
{
"name": "CVE-2024-39521",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39521"
},
{
"name": "CVE-2024-39512",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39512"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2021-44225",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44225"
},
{
"name": "CVE-2024-39553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39553"
},
{
"name": "CVE-2024-39520",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39520"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2014-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3565"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2023-5043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5043"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2021-25745",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25745"
},
{
"name": "CVE-2018-18065",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0781",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-16T00:00:00.000000"
},
{
"description": "Correction d\u0027identifiants CVE erron\u00e9s",
"revision_date": "2024-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2024-09-13",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75756",
"url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-low-privileged-user-can-access-confidential-information-CVE-2024-21615"
},
{
"published_at": "2024-09-13",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82975",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Multiple-CLI-parameter-processing-issues-allowing-privilege-escalation-resolved"
},
{
"published_at": "2024-09-13",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82977",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-User-is-not-logged-out-when-the-console-cable-is-disconnected-CVE-2024-39512"
},
{
"published_at": "2024-09-13",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82971",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-BBE-Cloudsetup-Multiple-vulnerabilities-resolved-in-2-1-0-release"
},
{
"published_at": "2024-09-13",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA79175",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Upon-processing-specific-L2-traffic-rpd-can-hang-in-devices-with-EVPN-VXLAN-configured-CVE-2024-39517"
},
{
"published_at": "2024-09-13",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82974",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSL-3-0-12"
},
{
"published_at": "2024-09-13",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75746",
"url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-300-Series-Specific-link-local-traffic-causes-a-control-plane-overload-CVE-2024-21605"
},
{
"published_at": "2024-09-13",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75759",
"url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-LLDP-is-enabled-and-a-malformed-LLDP-packet-is-received-l2cpd-crashes-CVE-2024-21618"
},
{
"published_at": "2024-09-13",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75750",
"url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-SRX-Series-If-specific-IPsec-parameters-are-negotiated-iked-will-crash-due-to-a-memory-leak-CVE-2024-21609"
},
{
"published_at": "2024-09-13",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA79101",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-arbitrary-data-when-sampling-service-is-enabled-leads-to-partial-Denial-of-Service-DoS-CVE-2024-39553"
},
{
"published_at": "2024-09-13",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82973",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-net-SNMP-5-9-4"
}
]
}
CVE-2007-5846 (GCVE-0-2007-5846)
Vulnerability from cvelistv5 – Published: 2007-11-06 21:00 – Updated: 2024-08-07 15:47
VLAI
EPSS
Summary
The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
29 references
Date Public
2007-11-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27965"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=528095\u0026group_id=12694"
},
{
"name": "USN-564-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-564-1"
},
{
"name": "28413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28413"
},
{
"name": "38904",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38904"
},
{
"name": "MDKSA-2007:225",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:225"
},
{
"name": "ADV-2007-3802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3802"
},
{
"name": "27733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27733"
},
{
"name": "27685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27685"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1712988\u0026group_id=12694\u0026atid=112694"
},
{
"name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198346"
},
{
"name": "FEDORA-2007-3019",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00613.html"
},
{
"name": "GLSA-200711-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-31.xml"
},
{
"name": "SUSE-SR:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730"
},
{
"name": "1018918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018918"
},
{
"name": "29785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29785"
},
{
"name": "27558",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27558"
},
{
"name": "26378",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26378"
},
{
"name": "ADV-2008-1234",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1234/references"
},
{
"name": "RHSA-2007:1045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1045.html"
},
{
"name": "28825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28825"
},
{
"name": "DSA-1483",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1483"
},
{
"name": "oval:org.mitre.oval:def:11258",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11258"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-4-1/net-snmp/agent/snmp_agent.c?view=log"
},
{
"name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
},
{
"name": "27740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27740"
},
{
"name": "27689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27689"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "27965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27965"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=528095\u0026group_id=12694"
},
{
"name": "USN-564-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-564-1"
},
{
"name": "28413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28413"
},
{
"name": "38904",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38904"
},
{
"name": "MDKSA-2007:225",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:225"
},
{
"name": "ADV-2007-3802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3802"
},
{
"name": "27733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27733"
},
{
"name": "27685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27685"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1712988\u0026group_id=12694\u0026atid=112694"
},
{
"name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198346"
},
{
"name": "FEDORA-2007-3019",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00613.html"
},
{
"name": "GLSA-200711-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-31.xml"
},
{
"name": "SUSE-SR:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730"
},
{
"name": "1018918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018918"
},
{
"name": "29785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29785"
},
{
"name": "27558",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27558"
},
{
"name": "26378",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26378"
},
{
"name": "ADV-2008-1234",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1234/references"
},
{
"name": "RHSA-2007:1045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1045.html"
},
{
"name": "28825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28825"
},
{
"name": "DSA-1483",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1483"
},
{
"name": "oval:org.mitre.oval:def:11258",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11258"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-4-1/net-snmp/agent/snmp_agent.c?view=log"
},
{
"name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
},
{
"name": "27740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27740"
},
{
"name": "27689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27689"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-5846",
"datePublished": "2007-11-06T21:00:00.000Z",
"dateReserved": "2007-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:47:00.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6123 (GCVE-0-2008-6123)
Vulnerability from cvelistv5 – Published: 2009-02-12 16:00 – Updated: 2024-08-07 11:20
VLAI
EPSS
Summary
The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
Date Public
2008-12-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:25.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090212 CVE Request -- net-snmp (sensitive host information disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/12/2"
},
{
"name": "[oss-security] 20090212 Re: CVE Request -- net-snmp (sensitive host information disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/12/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=250429"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485211"
},
{
"name": "[oss-security] Re: 20090212 CVE Request -- net-snmp (sensitive host information disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/12/4"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "SUSE-SR:2010:003",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html"
},
{
"name": "RHSA-2009:0295",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0295.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "34499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34499"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35416"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev\u0026revision=17367"
},
{
"name": "oval:org.mitre.oval:def:10289",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289"
},
{
"name": "1021921",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021921"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325\u0026r2=17367\u0026pathrev=17367"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to \"source/destination IP address confusion.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090212 CVE Request -- net-snmp (sensitive host information disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/12/2"
},
{
"name": "[oss-security] 20090212 Re: CVE Request -- net-snmp (sensitive host information disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/12/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=250429"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485211"
},
{
"name": "[oss-security] Re: 20090212 CVE Request -- net-snmp (sensitive host information disclosure)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/12/4"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "SUSE-SR:2010:003",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html"
},
{
"name": "RHSA-2009:0295",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0295.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "34499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34499"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35416"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev\u0026revision=17367"
},
{
"name": "oval:org.mitre.oval:def:10289",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289"
},
{
"name": "1021921",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021921"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325\u0026r2=17367\u0026pathrev=17367"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to \"source/destination IP address confusion.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090212 CVE Request -- net-snmp (sensitive host information disclosure)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/12/2"
},
{
"name": "[oss-security] 20090212 Re: CVE Request -- net-snmp (sensitive host information disclosure)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/12/7"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=250429",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=250429"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=485211",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485211"
},
{
"name": "[oss-security] Re: 20090212 CVE Request -- net-snmp (sensitive host information disclosure)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/12/4"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "SUSE-SR:2010:003",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html"
},
{
"name": "RHSA-2009:0295",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0295.html"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "34499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34499"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev\u0026revision=17367",
"refsource": "CONFIRM",
"url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev\u0026revision=17367"
},
{
"name": "oval:org.mitre.oval:def:10289",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289"
},
{
"name": "1021921",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021921"
},
{
"name": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325\u0026r2=17367\u0026pathrev=17367",
"refsource": "MISC",
"url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325\u0026r2=17367\u0026pathrev=17367"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6123",
"datePublished": "2009-02-12T16:00:00.000Z",
"dateReserved": "2009-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:20:25.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6151 (GCVE-0-2012-6151)
Vulnerability from cvelistv5 – Published: 2013-12-13 17:00 – Updated: 2024-08-06 21:28
VLAI
EPSS
Summary
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2012-09-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64048",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64048"
},
{
"name": "APPLE-SA-2015-10-21-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205375"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/p/net-snmp/bugs/2411/"
},
{
"name": "RHSA-2014:0322",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2014-0322.html"
},
{
"name": "[oss-security] 20131202 Re: SNMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/415"
},
{
"name": "[oss-security] 20131202 NMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/398"
},
{
"name": "USN-2166-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2166-1"
},
{
"name": "59974",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59974"
},
{
"name": "57870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57870"
},
{
"name": "GLSA-201409-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml"
},
{
"name": "netsnmp-cve20126151-dos(89485)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89485"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "55804",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55804"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1038007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "64048",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64048"
},
{
"name": "APPLE-SA-2015-10-21-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205375"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/p/net-snmp/bugs/2411/"
},
{
"name": "RHSA-2014:0322",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2014-0322.html"
},
{
"name": "[oss-security] 20131202 Re: SNMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/415"
},
{
"name": "[oss-security] 20131202 NMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/398"
},
{
"name": "USN-2166-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2166-1"
},
{
"name": "59974",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59974"
},
{
"name": "57870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57870"
},
{
"name": "GLSA-201409-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml"
},
{
"name": "netsnmp-cve20126151-dos(89485)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89485"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "55804",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55804"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1038007"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6151",
"datePublished": "2013-12-13T17:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:28:39.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2285 (GCVE-0-2014-2285)
Vulnerability from cvelistv5 – Published: 2014-04-27 22:00 – Updated: 2024-08-06 10:05
VLAI
EPSS
Summary
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1072778 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2014-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2014-0… | vendor-advisoryx_refsource_SUSE |
| https://rhn.redhat.com/errata/RHSA-2014-0322.html | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/59974 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gentoo.org/security/en/glsa/glsa-20140… | vendor-advisoryx_refsource_GENTOO |
| http://sourceforge.net/p/net-snmp/patches/1275/ | x_refsource_CONFIRM |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://www.nntp.perl.org/group/perl.perl5.porters… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1072044 | x_refsource_CONFIRM |
| http://comments.gmane.org/gmane.comp.security.oss… | mailing-listx_refsource_MLIST |
Date Public
2014-03-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072778"
},
{
"name": "openSUSE-SU-2014:0398",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html"
},
{
"name": "openSUSE-SU-2014:0399",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html"
},
{
"name": "RHSA-2014:0322",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2014-0322.html"
},
{
"name": "59974",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59974"
},
{
"name": "GLSA-201409-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/net-snmp/patches/1275/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072044"
},
{
"name": "[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://comments.gmane.org/gmane.comp.security.oss.general/12284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072778"
},
{
"name": "openSUSE-SU-2014:0398",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html"
},
{
"name": "openSUSE-SU-2014:0399",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html"
},
{
"name": "RHSA-2014:0322",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2014-0322.html"
},
{
"name": "59974",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59974"
},
{
"name": "GLSA-201409-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/net-snmp/patches/1275/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072044"
},
{
"name": "[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://comments.gmane.org/gmane.comp.security.oss.general/12284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1072778",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072778"
},
{
"name": "openSUSE-SU-2014:0398",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html"
},
{
"name": "openSUSE-SU-2014:0399",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html"
},
{
"name": "RHSA-2014:0322",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2014-0322.html"
},
{
"name": "59974",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59974"
},
{
"name": "GLSA-201409-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml"
},
{
"name": "http://sourceforge.net/p/net-snmp/patches/1275/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/net-snmp/patches/1275/"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html",
"refsource": "MISC",
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1072044",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072044"
},
{
"name": "[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws",
"refsource": "MLIST",
"url": "http://comments.gmane.org/gmane.comp.security.oss.general/12284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2285",
"datePublished": "2014-04-27T22:00:00.000Z",
"dateReserved": "2014-03-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:05:59.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2310 (GCVE-0-2014-2310)
Vulnerability from cvelistv5 – Published: 2014-04-17 14:00 – Updated: 2024-08-06 10:06
VLAI
EPSS
Summary
The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/57870 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/p/net-snmp/patches/1113/ | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2014/q1/513 | mailing-listx_refsource_MLIST |
| http://sourceforge.net/p/net-snmp/code/ci/eb81633… | x_refsource_CONFIRM |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2014/q1/527 | mailing-listx_refsource_MLIST |
| http://ubuntu.com/usn/usn-2166-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2010-12-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/net-snmp/patches/1113/"
},
{
"name": "[oss-security] 20140306 CVE request: net-snmp agentx incorrect handling of multi-object requests DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/513"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388"
},
{
"name": "[oss-security] 20140307 Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/527"
},
{
"name": "USN-2166-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2166-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-17T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "57870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/net-snmp/patches/1113/"
},
{
"name": "[oss-security] 20140306 CVE request: net-snmp agentx incorrect handling of multi-object requests DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/513"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388"
},
{
"name": "[oss-security] 20140307 Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/527"
},
{
"name": "USN-2166-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2166-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57870"
},
{
"name": "http://sourceforge.net/p/net-snmp/patches/1113/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/net-snmp/patches/1113/"
},
{
"name": "[oss-security] 20140306 CVE request: net-snmp agentx incorrect handling of multi-object requests DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/513"
},
{
"name": "http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd/"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388"
},
{
"name": "[oss-security] 20140307 Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/527"
},
{
"name": "USN-2166-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2166-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2310",
"datePublished": "2014-04-17T14:00:00.000Z",
"dateReserved": "2014-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:06:00.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3565 (GCVE-0-2014-3565)
Vulnerability from cvelistv5 – Published: 2014-10-07 14:00 – Updated: 2024-08-06 10:50
VLAI
EPSS
Summary
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://support.apple.com/HT205375 | x_refsource_CONFIRM |
| http://sourceforge.net/p/net-snmp/code/ci/7f4a7b8… | x_refsource_CONFIRM |
| http://sourceforge.net/p/net-snmp/official-patches/48/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/69477 | vdb-entryx_refsource_BID |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-2711-1 | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-updates/2014-0… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201507-17 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.redhat.com/show_bug.cgi?id=1125155 | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2015-1385.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2014-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-10-21-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/net-snmp/official-patches/48/"
},
{
"name": "69477",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69477"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "USN-2711-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2711-1"
},
{
"name": "openSUSE-SU-2014:1108",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html"
},
{
"name": "GLSA-201507-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-17"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125155"
},
{
"name": "RHSA-2015:1385",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1385.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "APPLE-SA-2015-10-21-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/net-snmp/official-patches/48/"
},
{
"name": "69477",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69477"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "USN-2711-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2711-1"
},
{
"name": "openSUSE-SU-2014:1108",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html"
},
{
"name": "GLSA-201507-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-17"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125155"
},
{
"name": "RHSA-2015:1385",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1385.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3565",
"datePublished": "2014-10-07T14:00:00.000Z",
"dateReserved": "2014-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:50:17.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5621 (GCVE-0-2015-5621)
Vulnerability from cvelistv5 – Published: 2015-08-19 15:00 – Updated: 2025-12-04 17:20
VLAI
EPSS
Summary
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
15 references
Date Public
2015-04-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2015:1502",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00004.html"
},
{
"name": "45547",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45547/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/"
},
{
"name": "RHSA-2015:1636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1636.html"
},
{
"name": "1033304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033304"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212408"
},
{
"name": "USN-2711-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2711-1"
},
{
"name": "[oss-security] 20150416 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/16/15"
},
{
"name": "[oss-security] 20150413 net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/13/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX209443"
},
{
"name": "DSA-4154",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4154"
},
{
"name": "[oss-security] 20150731 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/31/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/net-snmp/bugs/2615/"
},
{
"name": "76380",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76380"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2015-5621",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-04T17:20:51.406908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T17:20:54.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T10:06:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2015:1502",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00004.html"
},
{
"name": "45547",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45547/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/"
},
{
"name": "RHSA-2015:1636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1636.html"
},
{
"name": "1033304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033304"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212408"
},
{
"name": "USN-2711-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2711-1"
},
{
"name": "[oss-security] 20150416 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/16/15"
},
{
"name": "[oss-security] 20150413 net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/13/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX209443"
},
{
"name": "DSA-4154",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4154"
},
{
"name": "[oss-security] 20150731 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/31/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/net-snmp/bugs/2615/"
},
{
"name": "76380",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76380"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:1502",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00004.html"
},
{
"name": "45547",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45547/"
},
{
"name": "http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/"
},
{
"name": "RHSA-2015:1636",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1636.html"
},
{
"name": "1033304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033304"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212408",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212408"
},
{
"name": "USN-2711-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2711-1"
},
{
"name": "[oss-security] 20150416 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/16/15"
},
{
"name": "[oss-security] 20150413 net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/13/1"
},
{
"name": "http://support.citrix.com/article/CTX209443",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX209443"
},
{
"name": "DSA-4154",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4154"
},
{
"name": "[oss-security] 20150731 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/31/1"
},
{
"name": "https://sourceforge.net/p/net-snmp/bugs/2615/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/net-snmp/bugs/2615/"
},
{
"name": "76380",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76380"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5621",
"datePublished": "2015-08-19T15:00:00.000Z",
"dateReserved": "2015-07-22T00:00:00.000Z",
"dateUpdated": "2025-12-04T17:20:54.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2015-8100 (GCVE-0-2015-8100)
Vulnerability from cvelistv5 – Published: 2015-11-10 02:00 – Updated: 2024-08-06 08:13
VLAI
EPSS
Summary
The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2015/11/09/6 | mailing-listx_refsource_MLIST |
| http://packetstormsecurity.com/files/134323/OpenB… | x_refsource_MISC |
| http://www.securitytracker.com/id/1034099 | vdb-entryx_refsource_SECTRACK |
Date Public
2015-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151110 CVE request: net-snmp OpenBSD package - insecure file permission vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/09/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134323/OpenBSD-net-snmp-Information-Disclosure.html"
},
{
"name": "1034099",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20151110 CVE request: net-snmp OpenBSD package - insecure file permission vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/09/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134323/OpenBSD-net-snmp-Information-Disclosure.html"
},
{
"name": "1034099",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034099"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151110 CVE request: net-snmp OpenBSD package - insecure file permission vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/09/6"
},
{
"name": "http://packetstormsecurity.com/files/134323/OpenBSD-net-snmp-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134323/OpenBSD-net-snmp-Information-Disclosure.html"
},
{
"name": "1034099",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034099"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8100",
"datePublished": "2015-11-10T02:00:00.000Z",
"dateReserved": "2015-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:13:31.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18065 (GCVE-0-2018-18065)
Vulnerability from cvelistv5 – Published: 2018-10-08 18:00 – Updated: 2024-08-05 11:01
VLAI
EPSS
Summary
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://sourceforge.net/p/net-snmp/code/ci/7ffb8e… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/45547/ | exploitx_refsource_EXPLOIT-DB |
| https://usn.ubuntu.com/3792-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://dumpco.re/blog/net-snmp-5.7.3-remote-dos | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2018110… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/3792-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/3792-3/ | vendor-advisoryx_refsource_UBUNTU |
| https://www.debian.org/security/2018/dsa-4314 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/106265 | vdb-entryx_refsource_BID |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://security.paloaltonetworks.com/CVE-2018-18065 | x_refsource_CONFIRM |
Date Public
2018-10-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/"
},
{
"name": "45547",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45547/"
},
{
"name": "USN-3792-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3792-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dumpco.re/blog/net-snmp-5.7.3-remote-dos"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181107-0001/"
},
{
"name": "USN-3792-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3792-2/"
},
{
"name": "USN-3792-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3792-3/"
},
{
"name": "DSA-4314",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4314"
},
{
"name": "106265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106265"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-18065"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/"
},
{
"name": "45547",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45547/"
},
{
"name": "USN-3792-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3792-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dumpco.re/blog/net-snmp-5.7.3-remote-dos"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20181107-0001/"
},
{
"name": "USN-3792-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3792-2/"
},
{
"name": "USN-3792-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3792-3/"
},
{
"name": "DSA-4314",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4314"
},
{
"name": "106265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106265"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-18065"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/"
},
{
"name": "45547",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45547/"
},
{
"name": "USN-3792-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3792-1/"
},
{
"name": "https://dumpco.re/blog/net-snmp-5.7.3-remote-dos",
"refsource": "MISC",
"url": "https://dumpco.re/blog/net-snmp-5.7.3-remote-dos"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181107-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181107-0001/"
},
{
"name": "USN-3792-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3792-2/"
},
{
"name": "USN-3792-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3792-3/"
},
{
"name": "DSA-4314",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4314"
},
{
"name": "106265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106265"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2018-18065",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2018-18065"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18065",
"datePublished": "2018-10-08T18:00:00.000Z",
"dateReserved": "2018-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20892 (GCVE-0-2019-20892)
Vulnerability from cvelistv5 – Published: 2020-06-25 09:07 – Updated: 2024-08-05 02:53
VLAI
EPSS
Summary
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/net-snm… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1663027 | x_refsource_MISC |
| https://sourceforge.net/p/net-snmp/bugs/2923/ | x_refsource_MISC |
| https://github.com/net-snmp/net-snmp/commit/5f881… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2020/06/25/4 | mailing-listx_refsource_MLIST |
| https://usn.ubuntu.com/4410-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://security.gentoo.org/glsa/202008-12 | vendor-advisoryx_refsource_GENTOO |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:53:09.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/net-snmp/bugs/2923/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9"
},
{
"name": "[oss-security] 20200625 [cve-request@...re.org: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/25/4"
},
{
"name": "USN-4410-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4410-1/"
},
{
"name": "GLSA-202008-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202008-12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/net-snmp/bugs/2923/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9"
},
{
"name": "[oss-security] 20200625 [cve-request@...re.org: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/25/4"
},
{
"name": "USN-4410-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4410-1/"
},
{
"name": "GLSA-202008-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202008-12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1663027",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663027"
},
{
"name": "https://sourceforge.net/p/net-snmp/bugs/2923/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/net-snmp/bugs/2923/"
},
{
"name": "https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9",
"refsource": "MISC",
"url": "https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9"
},
{
"name": "[oss-security] 20200625 [cve-request@...re.org: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/25/4"
},
{
"name": "USN-4410-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4410-1/"
},
{
"name": "GLSA-202008-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202008-12"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20892",
"datePublished": "2020-06-25T09:07:42.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:53:09.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…