Denial of Service and Arbitrary Code Execution Vulnerability in net-snmp 5.7.2 and Earlier

Denial of Service and Arbitrary Code Execution Vulnerability in net-snmp 5.7.2 and Earlier

CVE-2015-5621 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.

Learn more about our Cis Benchmark Audit For Bind.