CVE-2015-5621

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
It was discovered that in net-snmp before 5.8 the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or potentially execute arbitrary code on the system with the privileges of the user running snmpd.
Group Package Affected Fixed Severity Status Ticket
AVG-777 net-snmp 5.7.3-9 5.8-1 High Fixed
Date Advisory Group Package Severity Description
17 Oct 2018 ASA-201810-11 AVG-777 net-snmp High multiple issues
References
https://sourceforge.net/p/net-snmp/bugs/2615/
https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791
https://www.openwall.com/lists/oss-security/2015/04/13/1
https://bugzilla.redhat.com/show_bug.cgi?id=1212408