CVE-2014-3565: Type Confusion in Net-snmp

Severity: 5.0 MEDIUM (NVD)
EPSS: 8.8% (top 7.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 7; Latest update May 17

Description

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (6 packages)

debian: debian/net-snmp < net-snmp 5.7.2.1~dfsg-7 (bookworm)
Debian: net-snmp/net-snmp < 5.7.2.1~dfsg-7+3
Ubuntu: net-snmp/net-snmp < 5.7.2~dfsg-8.1ubuntu3.1
NVD: net-snmp/net-snmp 5.7.0 +18
NVD: apple/mac_os_x 10.11.0

Also affects: Ubuntu Linux 12.04, 14.04, 15.04

Vulnerability Details (3)

GHSA: GHSA-w26p-786m-5h86: snmplib/mib (2022-05-17)
OSV: net-snmp vulnerabilities (2015-08-17)
OSV: CVE-2014-3565: snmplib/mib (2014-10-07)

Vendor Advisories (4)

Ubuntu: Net-SNMP vulnerabilities (2015-08-17)
Red Hat: net-snmp: snmptrapd crash when handling an SNMP trap containing a ifMtu with a NULL type (2014-08-31)
Debian: CVE-2014-3565: net-snmp - snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows... (2014)
Apple: CVE-2014-3565: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks

Community (2)

Bugzilla: CVE-2014-3565 net-snmp: snmptrapd crash when handling an SNMP trap containing a ifMtu with a NULL type [fedora-all] (2014-09-01)
Bugzilla: CVE-2014-3565 net-snmp: snmptrapd crash when handling an SNMP trap containing a ifMtu with a NULL type (2014-07-31)