CVE-2015-5621
Published 2015-08-19
Priority: P2 · 64 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 40.00% (98.4th percentile)
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | net-snmp | < net-snmp 5.7.3+dfsg-1.1 (bookworm) | net-snmp 5.7.3+dfsg-1.1 (bookworm) |
| net-snmp | net-snmp | <= 5.7.2 | — |
| net-snmp | net-snmp | >= 0 < 5.7.3+dfsg-1.1 | 5.7.3+dfsg-1.1 |
| net-snmp | net-snmp | >= 0 < 5.7.3+dfsg-1.1 | 5.7.3+dfsg-1.1 |
| net-snmp | net-snmp | >= 0 < 5.7.3+dfsg-1.1 | 5.7.3+dfsg-1.1 |
| net-snmp | net-snmp | >= 0 < 5.7.3+dfsg-1.1 | 5.7.3+dfsg-1.1 |
| net-snmp | net-snmp | >= 0 < 5.7.2~dfsg-8.1ubuntu3.1 | 5.7.2~dfsg-8.1ubuntu3.1 |
Detection & IOCs (extracted from sources)
- Monitor for crafted SNMP PDU packets sent to UDP port 161 that trigger parse failures in snmp_pdu_parse() within snmp_api.c; the vulnerability leaves incompletely parsed varBind variables in the variable list, which can be detected by ASAN SIGSEGV crashes in snmpd.
- Alert on snmpd process crashes (SIGSEGV / ABORTING) originating from table_container.c _set_key function, which is the observed crash point in the PoC exploit.
- The PoC exploit uses SNMP community string 'public' (base64-encoded as 'cHVibGlj' within the payload). Detect anomalous SNMP GET/SET requests using the default 'public' community string with malformed PDU structure.
- It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd.
- The vulnerability is exploitable without authentication (unauthenticated remote attacker) for CVE-2015-5621; however, the PoC exploit for the related second bug requires knowledge of the SNMP community string.
- Disabling SNMP entirely on affected devices fully mitigates CVE-2015-5621; alternatively, restrict access to port 161/UDP via firewall or ACL.
- net-snmp versions 5.7.2 and earlier are vulnerable; the fix was committed to version control but not publicly disclosed until later. Ensure upgrade to a patched version (5.7.3+dfsg-1.1 or later on Debian-based systems).
CVSS provenance
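| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |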
CISA ICS
Siemens Industrial Products SNMP (Update F)
cisa_ics·2022-02-10
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
Last Revised: April 14, 2022
Alert Code: ICSA-20-042-02
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Various SCALANCE, SIMATIC, SIPLUS products
Ubuntu
Net-SNMP vulnerabilities
vendor_ubuntu·2015-08-17·CVSS 5.0
CVE-2014-3565 [MEDIUM] Net-SNMP vulnerabilities
Title: Net-SNMP vulnerabilities
Summary: Net-SNMP could be made to crash or run programs if it received specially
crafted network traffic.
It was discovered that Net-SNMP incorrectly handled certain trap messages
when the -OQ option was used. A remote attacker could use this issue to
cause Net-SNMP to crash, resulting in a denial of service. (CVE-2014-3565)
Qinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing
failures. A remote attacker could use this issue to cause Net-SNMP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2015-5621)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
net-snmp: snmp_pdu_parse() incompletely parsed varBinds left in list of variables
vendor_redhat·2015-04-13·CVSS 7.5
CVE-2015-5621 [HIGH] CWE-772 net-snmp: snmp_pdu_parse() incompletely parsed varBinds left in list of variables
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.
Debian
CVE-2015-5621: net-snmp - The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not...
vendor_debian·2015·CVSS 7.5
CVE-2015-5621 [HIGH] CVE-2015-5621: net-snmp - The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not...
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
Scope: local
bookworm: resolved (fixed in 5.7.3+dfsg-1.1)
bullseye: resolved (fixed in 5.7.3+dfsg-1.1)
forky: resolved (fixed in 5.7.3+dfsg-1.1)
sid: resolved (fixed in 5.7.3+dfsg-1.1)
trixie: resolved (fixed in 5.7.3+dfsg-1.1)
GHSA
GHSA-w7cc-jv4p-qccr: The snmp_pdu_parse function in snmp_api
ghsa_unreviewed·2022-05-14
CVE-2015-5621 [HIGH] CWE-190 GHSA-w7cc-jv4p-qccr: The snmp_pdu_parse function in snmp_api
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
OSV
CVE-2015-5621: The snmp_pdu_parse function in snmp_api
osv·2015-08-19·CVSS 7.5
CVE-2015-5621 [HIGH] CVE-2015-5621: The snmp_pdu_parse function in snmp_api
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
OSV
net-snmp vulnerabilities
osv·2015-08-17·CVSS 5.0
CVE-2014-3565 [MEDIUM] net-snmp vulnerabilities
It was discovered that Net-SNMP incorrectly handled certain trap messages
when the -OQ option was used. A remote attacker could use this issue to
cause Net-SNMP to crash, resulting in a denial of service. (CVE-2014-3565)
Qinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing
failures. A remote attacker could use this issue to cause Net-SNMP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2015-5621)
No detection rules found.
Bugzilla
CVE-2018-18065 net-snmp: NULL pointer exception in _set_key in agent/helpers/table_container.c resulting in a denial of service
bugzilla·2018-10-09·CVSS 7.5
CVE-2018-18065 [HIGH] CVE-2018-18065 net-snmp: NULL pointer exception in _set_key in agent/helpers/table_container.c resulting in a denial of service
It was found that _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
References:
https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
Upstream patch:
https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/
Discussion:
Created net-snmp tracking bugs for this issue:
Affects: fedora-all [bug 1637573]
---
Unable to reproduce on any version of RHEL using instructions. This appears to be a duplicate of CVE-2015-5621. See the reference page for th
Bugzilla
CVE-2018-18066 net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service
bugzilla·2018-10-09·CVSS 7.5
CVE-2018-18066 [HIGH] CVE-2018-18066 net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service
It was found that snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
References:
https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
Upstream patch:
https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/
https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
Discussion:
Created net-snmp tracking bugs for this issue:
Affects: fedora-all [bug 1637573]
---
Unable to reproduce on Fedora or RHEL5/7. Going to try to bui
Bugzilla
CVE-2018-1000116 net-snmp: Heap corruption in snmp_pdu_parse function in snmplib/snmp_api.c
bugzilla·2018-03-07·CVSS 7.5
CVE-2018-1000116 [HIGH] CVE-2018-1000116 net-snmp: Heap corruption in snmp_pdu_parse function in snmplib/snmp_api.c
The version 5.7.2 was vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process.
Upstream issue:
https://sourceforge.net/p/net-snmp/bugs/2821/
Upstream patch:
https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
Discussion:
Created net-snmp tracking bugs for this issue:
Affects: fedora-all [bug 1552845]
---
The "upstream patch" linked in Comment 0 is the same as for Bug 1212408, which was CVE-2015-5621.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2015:1636: https://access.redhat.com/errata/RHSA-2015:1636
---
External References:
http
Bugzilla
CVE-2015-5621 net-snmp: snmp_pdu_parse() incompletely parsed varBinds left in list of variables
bugzilla·2015-04-16·CVSS 7.5
CVE-2015-5621 [HIGH] CVE-2015-5621 net-snmp: snmp_pdu_parse() incompletely parsed varBinds left in list of variables
It was discovered that the snmp_pdu_parse() function could leave
incompletely parsed varBind variables in the list of variables in
case the parsing of the SNMP PDU failed. If later processing tries to
operate on the stale and incompletely processed varBind (e.g. when
printing the variables), this can lead to e.g. crashes or, possibly,
execution of arbitrary code (although I've only seen NULL pointer
dereferences during my testing, I currently can't rule out code
execution completely).
The snmp_pdu_parse() function stores varBind variables in a list of
netsnmp_variable_list structures. Each time the function parses a new
varBind, a new netsnmp_variable_list item is allocated on the heap
and lin
Hackernews
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
blogs_hackernews·2026-04-21·CVSS 7.5
CVE-2026-32955 [HIGH] 22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
## 22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.
The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed online globally.
"Some of these vulnerabilities allow attackers to take full control of mission-critical devices connected via serial links," the
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00004.html
- http://rhn.redhat.com/errata/RHSA-2015-1636.html
- http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
- http://support.citrix.com/article/CTX209443
- http://www.openwall.com/lists/oss-security/2015/04/13/1
- http://www.openwall.com/lists/oss-security/2015/04/16/15
- http://www.openwall.com/lists/oss-security/2015/07/31/1
- http://www.securityfocus.com/bid/76380
- http://www.securitytracker.com/id/1033304
- http://www.ubuntu.com/usn/USN-2711-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1212408
- https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf
- https://sourceforge.net/p/net-snmp/bugs/2615/
- https://www.debian.org/security/2018/dsa-4154
- https://www.exploit-db.com/exploits/45547/