Back to search
CVE-2015-5621
Published: Aug 19, 2015
Modified: Dec 4, 2025
PUBLISHED
Description
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
openSUSE-SU-2015:1502
vendor-advisory
x_refsource_SUSE
45547
exploit
x_refsource_EXPLOIT-DB
RHSA-2015:1636
vendor-advisory
x_refsource_REDHAT
1033304
vdb-entry
x_refsource_SECTRACK
https://bugzilla.redhat.com/show_bug.cgi?id=1212408
x_refsource_CONFIRM
USN-2711-1
vendor-advisory
x_refsource_UBUNTU
[oss-security] 20150416 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability
mailing-list
x_refsource_MLIST
[oss-security] 20150413 net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability
mailing-list
x_refsource_MLIST
http://support.citrix.com/article/CTX209443
x_refsource_CONFIRM
DSA-4154
vendor-advisory
x_refsource_DEBIAN
[oss-security] 20150731 Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability
mailing-list
x_refsource_MLIST
https://sourceforge.net/p/net-snmp/bugs/2615/
x_refsource_CONFIRM
76380
vdb-entry
x_refsource_BID
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now