FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

net-snmp -- snmp_pdu_parse() function incomplete initialization

Affected packages
net-snmp <= 5.7.3_7

Details

VuXML ID 381183e8-3798-11e5-9970-14dae9d210b8
Discovery 2015-04-11
Entry 2015-07-31

Qinghao Tang reports:

An incompletely initialized vulnerability exists in the function 'snmp_pdu_parse()' of 'snmp_api.c', and remote attackers can cause a memory leak, DoS and possible command execution by sending malicious packets.

References

CVE Name CVE-2015-5621
URL http://seclists.org/oss-sec/2015/q2/116
URL http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
URL https://bugzilla.redhat.com/show_bug.cgi?id=1212408