CVE-2014-2285

2014-03-0500:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.7%

JSON

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in
Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows
remote attackers to cause a denial of service (snmptrapd crash) via an
empty community string in an SNMP trap, which triggers a NULL pointer
dereference within the newSVpv function in Perl.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchnet-snmp< 5.4.2.1~dfsg0ubuntu1-0ubuntu2.3UNKNOWN
ubuntu12.04noarchnet-snmp< 5.4.3~dfsg-2.4ubuntu1.2UNKNOWN
ubuntu12.10noarchnet-snmp< 5.4.3~dfsg-2.5ubuntu1.1UNKNOWN
ubuntu13.10noarchnet-snmp< 5.7.2~dfsg-8ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	net-snmp	< 5.4.2.1~dfsg0ubuntu1-0ubuntu2.3	UNKNOWN
ubuntu	12.04	noarch	net-snmp	< 5.4.3~dfsg-2.4ubuntu1.2	UNKNOWN
ubuntu	12.10	noarch	net-snmp	< 5.4.3~dfsg-2.5ubuntu1.1	UNKNOWN
ubuntu	13.10	noarch	net-snmp	< 5.7.2~dfsg-8ubuntu1.1	UNKNOWN