CVE-2015-5621 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	It was discovered that in net-snmp before 5.8 the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or potentially execute arbitrary code on the system with the privileges of the user running snmpd.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-777	net-snmp	5.7.3-9	5.8-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
17 Oct 2018	ASA-201810-11	AVG-777	net-snmp	High	multiple issues

References
https://sourceforge.net/p/net-snmp/bugs/2615/ https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791 https://www.openwall.com/lists/oss-security/2015/04/13/1 https://bugzilla.redhat.com/show_bug.cgi?id=1212408

References

https://sourceforge.net/p/net-snmp/bugs/2615/
https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791
https://www.openwall.com/lists/oss-security/2015/04/13/1
https://bugzilla.redhat.com/show_bug.cgi?id=1212408