9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.009 Low
EPSS
Percentile
82.4%
Issue Overview:
Double free in csnmp_read_table function in snmp.c:
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). (CVE-2017-16820)
Affected Packages:
collectd
Issue Correction:
Run yum update collectd to update your system.
New Packages:
i686:
collectd-chrony-5.8.0-2.19.amzn1.i686
collectd-web-5.8.0-2.19.amzn1.i686
collectd-generic-jmx-5.8.0-2.19.amzn1.i686
collectd-postgresql-5.8.0-2.19.amzn1.i686
collectd-dns-5.8.0-2.19.amzn1.i686
collectd-write_http-5.8.0-2.19.amzn1.i686
collectd-drbd-5.8.0-2.19.amzn1.i686
collectd-varnish-5.8.0-2.19.amzn1.i686
collectd-lua-5.8.0-2.19.amzn1.i686
collectd-email-5.8.0-2.19.amzn1.i686
collectd-synproxy-5.8.0-2.19.amzn1.i686
collectd-ipvs-5.8.0-2.19.amzn1.i686
collectd-write_tsdb-5.8.0-2.19.amzn1.i686
collectd-debuginfo-5.8.0-2.19.amzn1.i686
collectd-utils-5.8.0-2.19.amzn1.i686
collectd-rrdtool-5.8.0-2.19.amzn1.i686
collectd-gmond-5.8.0-2.19.amzn1.i686
libcollectdclient-devel-5.8.0-2.19.amzn1.i686
libcollectdclient-5.8.0-2.19.amzn1.i686
collectd-ipmi-5.8.0-2.19.amzn1.i686
collectd-notify_email-5.8.0-2.19.amzn1.i686
collectd-netlink-5.8.0-2.19.amzn1.i686
collectd-mysql-5.8.0-2.19.amzn1.i686
collectd-bind-5.8.0-2.19.amzn1.i686
collectd-dbi-5.8.0-2.19.amzn1.i686
collectd-amqp-5.8.0-2.19.amzn1.i686
collectd-snmp_agent-5.8.0-2.19.amzn1.i686
collectd-curl_xml-5.8.0-2.19.amzn1.i686
collectd-disk-5.8.0-2.19.amzn1.i686
collectd-apache-5.8.0-2.19.amzn1.i686
collectd-iptables-5.8.0-2.19.amzn1.i686
collectd-hugepages-5.8.0-2.19.amzn1.i686
collectd-java-5.8.0-2.19.amzn1.i686
collectd-python-5.8.0-2.19.amzn1.i686
collectd-5.8.0-2.19.amzn1.i686
collectd-snmp-5.8.0-2.19.amzn1.i686
collectd-openldap-5.8.0-2.19.amzn1.i686
collectd-write_sensu-5.8.0-2.19.amzn1.i686
collectd-mcelog-5.8.0-2.19.amzn1.i686
collectd-lvm-5.8.0-2.19.amzn1.i686
collectd-curl-5.8.0-2.19.amzn1.i686
perl-Collectd-5.8.0-2.19.amzn1.i686
collectd-zookeeper-5.8.0-2.19.amzn1.i686
collectd-rrdcached-5.8.0-2.19.amzn1.i686
collectd-nginx-5.8.0-2.19.amzn1.i686
collectd-memcachec-5.8.0-2.19.amzn1.i686
src:
collectd-5.8.0-2.19.amzn1.src
x86_64:
collectd-disk-5.8.0-2.19.amzn1.x86_64
collectd-curl_xml-5.8.0-2.19.amzn1.x86_64
collectd-mcelog-5.8.0-2.19.amzn1.x86_64
collectd-generic-jmx-5.8.0-2.19.amzn1.x86_64
collectd-zookeeper-5.8.0-2.19.amzn1.x86_64
collectd-mysql-5.8.0-2.19.amzn1.x86_64
collectd-lua-5.8.0-2.19.amzn1.x86_64
collectd-hugepages-5.8.0-2.19.amzn1.x86_64
collectd-apache-5.8.0-2.19.amzn1.x86_64
collectd-dbi-5.8.0-2.19.amzn1.x86_64
collectd-debuginfo-5.8.0-2.19.amzn1.x86_64
collectd-rrdtool-5.8.0-2.19.amzn1.x86_64
collectd-iptables-5.8.0-2.19.amzn1.x86_64
collectd-chrony-5.8.0-2.19.amzn1.x86_64
collectd-email-5.8.0-2.19.amzn1.x86_64
libcollectdclient-devel-5.8.0-2.19.amzn1.x86_64
collectd-varnish-5.8.0-2.19.amzn1.x86_64
collectd-utils-5.8.0-2.19.amzn1.x86_64
collectd-amqp-5.8.0-2.19.amzn1.x86_64
collectd-write_sensu-5.8.0-2.19.amzn1.x86_64
collectd-python-5.8.0-2.19.amzn1.x86_64
collectd-gmond-5.8.0-2.19.amzn1.x86_64
collectd-snmp_agent-5.8.0-2.19.amzn1.x86_64
collectd-lvm-5.8.0-2.19.amzn1.x86_64
collectd-openldap-5.8.0-2.19.amzn1.x86_64
collectd-drbd-5.8.0-2.19.amzn1.x86_64
collectd-dns-5.8.0-2.19.amzn1.x86_64
collectd-bind-5.8.0-2.19.amzn1.x86_64
collectd-java-5.8.0-2.19.amzn1.x86_64
collectd-5.8.0-2.19.amzn1.x86_64
collectd-rrdcached-5.8.0-2.19.amzn1.x86_64
collectd-netlink-5.8.0-2.19.amzn1.x86_64
collectd-ipvs-5.8.0-2.19.amzn1.x86_64
collectd-memcachec-5.8.0-2.19.amzn1.x86_64
collectd-postgresql-5.8.0-2.19.amzn1.x86_64
perl-Collectd-5.8.0-2.19.amzn1.x86_64
collectd-synproxy-5.8.0-2.19.amzn1.x86_64
collectd-ipmi-5.8.0-2.19.amzn1.x86_64
collectd-notify_email-5.8.0-2.19.amzn1.x86_64
collectd-write_tsdb-5.8.0-2.19.amzn1.x86_64
collectd-web-5.8.0-2.19.amzn1.x86_64
collectd-snmp-5.8.0-2.19.amzn1.x86_64
libcollectdclient-5.8.0-2.19.amzn1.x86_64
collectd-nginx-5.8.0-2.19.amzn1.x86_64
collectd-write_http-5.8.0-2.19.amzn1.x86_64
collectd-curl-5.8.0-2.19.amzn1.x86_64
Red Hat: CVE-2017-16820
Mitre: CVE-2017-16820
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | collectd-chrony | < 5.8.0-2.19.amzn1 | collectd-chrony-5.8.0-2.19.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-web | < 5.8.0-2.19.amzn1 | collectd-web-5.8.0-2.19.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-generic-jmx | < 5.8.0-2.19.amzn1 | collectd-generic-jmx-5.8.0-2.19.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-postgresql | < 5.8.0-2.19.amzn1 | collectd-postgresql-5.8.0-2.19.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-dns | < 5.8.0-2.19.amzn1 | collectd-dns-5.8.0-2.19.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-write_http | < 5.8.0-2.19.amzn1 | collectd-write_http-5.8.0-2.19.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-drbd | < 5.8.0-2.19.amzn1 | collectd-drbd-5.8.0-2.19.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-varnish | < 5.8.0-2.19.amzn1 | collectd-varnish-5.8.0-2.19.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-lua | < 5.8.0-2.19.amzn1 | collectd-lua-5.8.0-2.19.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-email | < 5.8.0-2.19.amzn1 | collectd-email-5.8.0-2.19.amzn1.i686.rpm |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.009 Low
EPSS
Percentile
82.4%