CVE-2015-5621 (retired)

Priority
Description
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier
does not remove the varBind variable in a netsnmp_variable_list item when
parsing of the SNMP PDU fails, which allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a crafted
packet.
Assigned-to
mdeslaur
Package
Upstream:needed
Ubuntu 14.04 LTS (Trusty Tahr):released (5.7.2~dfsg-8.1ubuntu3.1)
Patches:
Upstream:http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
More Information

Updated: 2019-03-26 12:16:13 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)