Published: 19 August 2016

Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.

From the Ubuntu security team

It was discovered that collectd mishandled certain malformed packets. A remote attacker could use this vulnerability to cause collectd to crash or possibly execute arbitrary code.



CVSS 3 base score: 9.1


Package Release Status
Launchpad, Ubuntu, Debian
Released (5.5.2-1)
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable
Ubuntu 20.10 (Groovy Gorilla): Not vulnerable
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable
Ubuntu 16.04 ESM (Xenial Xerus): Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr): Needed