CVE-2015-5621

The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.

Published : 2015-08-19 15:59 Updated : 2018-10-10 10:29

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Net-snmp Net-snmp 5.7.2 cpe:/a:net-snmp:net-snmp:5.7.2
  1. Net-snmp (1) Search CVE
    1. Net-snmp (1) Search CVE
      1. 5.7.2

CWE

ID Name Description Links
CWE-19 Data Processing Errors Weaknesses in this category are typically found in functionality that processes data. CVE

History of changes

Date Event
2018-10-10 10:29
2018-03-30 01:29
2015-08-19 15:59

New CVE