CVE-2014-3565
Severity CVSS v4.0:
Pending analysis
Type:
CWE-399
Resource Management Errors
Publication date:
07/10/2014
Last modified:
12/04/2025
Description
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:mac_os_x:10.11.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* | ||
| cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:* | 5.7.0 (including) | |
| cpe:2.3:a:net-snmp:net-snmp:5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:net-snmp:net-snmp:5.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:net-snmp:net-snmp:5.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:net-snmp:net-snmp:5.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:net-snmp:net-snmp:5.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:net-snmp:net-snmp:5.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:net-snmp:net-snmp:5.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:net-snmp:net-snmp:5.0.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:net-snmp:net-snmp:5.0.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:net-snmp:net-snmp:5.0.9:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2015-1385.html
- http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/
- http://sourceforge.net/p/net-snmp/official-patches/48/
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/69477
- http://www.ubuntu.com/usn/USN-2711-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1125155
- https://security.gentoo.org/glsa/201507-17
- https://support.apple.com/HT205375
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2015-1385.html
- http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/
- http://sourceforge.net/p/net-snmp/official-patches/48/
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/69477
- http://www.ubuntu.com/usn/USN-2711-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1125155
- https://security.gentoo.org/glsa/201507-17
- https://support.apple.com/HT205375