Debian Collectd vulnerabilities

CVE-2017-16820 [CRITICAL] CVE-2017-16820: collectd - The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.... The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). Scope: local bookworm: resolved (fixed in 5.8.0-1) bullseye: resolved (fixed in 5.8.0-1) forky: resolved (fixed in 5.8.0-1) sid: resolved (fixed in 5.8.0-1) t

CVE-2017-7401 [HIGH] CVE-2017-7401: collectd - Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functio... Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet. Scope: local bookworm: resolved (fixed in 5.7.2-1) b

CVE-2017-18240 [MEDIUM] CVE-2017-18240: collectd - The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID ... The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped). Scope: local bookworm: resolved bullseye: resolved forky

CVE-2016-6254 [CRITICAL] CVE-2016-6254: collectd - Heap-based buffer overflow in the parse_packet function in network.c in collectd... Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet. Scope: local bookworm: resolved (fixed in 5.5.2-1) bullseye: resolved (fixed in 5.5.2-1) forky: resolved (fixed in 5.

CVE-2010-4336 [MEDIUM] CVE-2010-4336: collectd - The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4... The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4.9.4 and before 4.10.2 allow remote attackers to cause a denial of service (assertion failure) via a packet with a timestamp whose value is 10 or less, as demonstrated by creating RRD files using the (1) RRDtool and (2) RRDCacheD plugins. Scope: local bookworm: resolved (fixed in 4.10.1

CVE-2009-3736 [MEDIUM] CVE-2009-3736: bochs - ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham ... ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved