Your submission was sent successfully! Close

CVE-2014-3565

Published: 7 October 2014

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

Notes

AuthorNote
jdstrand
per upstream, -OQ option is uncommon
Priority

Low

Status

Package Release Status
net-snmp
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (5.4.3~dfsg-2.4ubuntu1.3)
trusty
Released (5.7.2~dfsg-8.1ubuntu3.1)
upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid
Released (5.7.2~dfsg-8.1ubuntu5.1)
Patches:
upstream: http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/