Your submission was sent successfully! Close

CVE-2019-20892

Published: 25 June 2020

net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.

Notes

AuthorNote
mdeslaur
Possibly affects 5.8 only.
Could not reproduce crash in eoan and earlier, marking as
not-affected.
Priority

Medium

CVSS 3 base score: 6.5