Lucene search

[email protected]NVD:CVE-2014-2285

HistoryApr 27, 2014 - 10:55 p.m.

CVE-2014-2285

2014-04-2722:55:05

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.01

Percentile

83.9%

JSON

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.

Affected configurations

Nvd

Node

net-snmpnet-snmpRange≤5.7.3pre1

VendorProductVersionCPE
net-snmpnet-snmp*cpe:2.3:a:net-snmp:net-snmp:*:pre1:*:*:*:*:*:*

Vendor	Product	Version	CPE
net-snmp	net-snmp	*	cpe:2.3:a:net-snmp:net-snmp::pre1::::::*

References

comments.gmane.org/gmane.comp.security.oss.general/12284

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.opensuse.org/opensuse-updates/2014-03/msg00060.html

lists.opensuse.org/opensuse-updates/2014-03/msg00061.html

secunia.com/advisories/59974

sourceforge.net/p/net-snmp/patches/1275/

www.gentoo.org/security/en/glsa/glsa-201409-02.xml

www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html

bugzilla.redhat.com/show_bug.cgi?id=1072044

bugzilla.redhat.com/show_bug.cgi?id=1072778

rhn.redhat.com/errata/RHSA-2014-0322.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.01

Percentile

83.9%

JSON

Related for NVD:CVE-2014-2285

nessus12 cve1 debiancve1 openvas11 ubuntucve1 cvelist1 prion1 securityvulns6 redhat1 oraclelinux1 veracode1 mageia1 centos1 ibm1 ubuntu1 gentoo1 osv1 rosalinux1