← back
CVE-2015-5621

CVE-2015-5621

CVSS 7.5 HIGHEPSS 40.0%CWE-190
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/45547/unverifiedexploitdbwww.exploit-db.com/exploits/45547unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-updates/2015-09/msg00004.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1636.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1212408https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdfhttp://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/https://sourceforge.net/p/net-snmp/bugs/2615/http://support.citrix.com/article/CTX209443https://www.debian.org/security/2018/dsa-4154https://www.exploit-db.com/exploits/45547/http://www.openwall.com/lists/oss-security/2015/04/13/1http://www.openwall.com/lists/oss-security/2015/04/16/15http://www.openwall.com/lists/oss-security/2015/07/31/1