CVE-2014-2310 — Improper Input Validation in Net-snmp

CWE-20 — Improper Input Validation7 documents7 sources

Severity

5.0MEDIUMNVD

OSV4.3

EPSS

1.1%

top 21.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Net-snmp Debian Net-snmp

Timeline

PublishedApr 17

Latest updateMay 17

Description

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/net-snmp< net-snmp 5.7.2~dfsg-3 (bookworm)

▶Debiannet-snmp/net-snmp< 5.7.2~dfsg-3+3

▶NVDnet-snmp/net-snmp5.4

🔴Vulnerability Details

GHSA

GHSA-7x87-wr85-45rj: The AgentX subagent in Net-SNMP before 5↗2022-05-17

▶

OSV

CVE-2014-2310: The AgentX subagent in Net-SNMP before 5↗2014-04-17

▶

📋Vendor Advisories

Ubuntu

Net-SNMP vulnerabilities↗2014-04-14

▶

Red Hat

net-snmp: AgentX incorrectly handles multi-object requests leading to DoS↗2014-03-06

▶

Debian

CVE-2014-2310: net-snmp - The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a ...↗2014

▶

💬Community

Bugzilla

CVE-2014-2310 net-snmp: AgentX incorrectly handles multi-object requests leading to DoS↗2014-03-10

▶