Back to search
CVE-2014-2285
Published: Apr 27, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.redhat.com/show_bug.cgi?id=1072778
x_refsource_CONFIRM
openSUSE-SU-2014:0398
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2014:0399
vendor-advisory
x_refsource_SUSE
RHSA-2014:0322
vendor-advisory
x_refsource_REDHAT
59974
third-party-advisory
x_refsource_SECUNIA
GLSA-201409-02
vendor-advisory
x_refsource_GENTOO
http://sourceforge.net/p/net-snmp/patches/1275/
x_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1072044
x_refsource_CONFIRM
[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now