Candidate: CVE-2017-16820
PublicDate: 2017-11-14 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16820
 https://github.com/collectd/collectd/issues/2291
 https://bugs.debian.org/881757
 https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47
 https://github.com/collectd/collectd/releases/tag/collectd-5.6.3
Description:
 The csnmp_read_table function in snmp.c in the SNMP plugin in collectd
 before 5.6.3 is susceptible to a double free in a certain error case, which
 could lead to a crash (or potentially have other impact).
Ubuntu-Description:
 It was discovered that collectd failed to handle certain input. An attacker
 could use this vulnerability to cause collectd to crash.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881757
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_collectd:
upstream_collectd: released (5.8.0-1)
precise/esm_collectd: DNE
trusty_collectd: ignored (out of standard support)
trusty/esm_collectd: needed
xenial_collectd: ignored (end of standard support, was needed)
zesty_collectd: ignored (reached end-of-life)
artful_collectd: ignored (reached end-of-life)
bionic_collectd: not-affected (5.7.2-2ubuntu1)
cosmic_collectd: not-affected (5.8.0-5.2)
disco_collectd: not-affected (5.8.0-5.2)
eoan_collectd: not-affected (5.8.0-5.2)
focal_collectd: not-affected (5.8.0-5.2)
groovy_collectd: not-affected (5.8.0-5.2)
hirsute_collectd: not-affected (5.8.0-5.2)
impish_collectd: not-affected (5.8.0-5.2)
devel_collectd: not-affected (5.8.0-5.2)