CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18240
https://notcve.org/view.php?id=CVE-2017-18240
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped). El paquete app-admin/collectd de Gentoo, en versiones anteriores a la 5.7.2-r1, establece la propiedad del directorio de archivos PID en la cuenta collectd, lo que podría permitir que usuarios locales finalicen procesos arbitrarios aprovechando el acceso a esta cuenta para modificar archivos PID antes de que un script root envíe un SIGKILL (cuando el servicio está parado). • http://www.securityfocus.com/bid/103469 https://bugs.gentoo.org/628540 https://security.gentoo.org/glsa/201803-10 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16820 – collectd: double free in csnmp_read_table function in snmp.c
https://notcve.org/view.php?id=CVE-2017-16820
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). La función csnmp_read_table en snmp.c en el plugin SNMP en collectd, en versiones anteriores a la 5.6.3, es susceptible a una doble liberación (double free) en un cierto caso de error, lo que podría conducir a un cierre inesperado (o, potencialmente, provocar otro impacto). A double-free vulnerability was found in the csnmp_read_table function in the SNMP plugin of collectd. A network-based attacker could exploit this by sending malformed data, causing collectd to crash or possibly other impact. • https://access.redhat.com/errata/RHSA-2018:0252 https://access.redhat.com/errata/RHSA-2018:0299 https://access.redhat.com/errata/RHSA-2018:0560 https://access.redhat.com/errata/RHSA-2018:1605 https://access.redhat.com/errata/RHSA-2018:2615 https://bugs.debian.org/881757 https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47 https://github.com/collectd/collectd/issues/2291 https://github.com/collectd/collectd/releases/tag/collectd-5.6.3 https://security.g • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7401 – collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions
https://notcve.org/view.php?id=CVE-2017-7401
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet. La interacción incorrecta de las funciones parse_packet() y parse_part_sign_sha256() en network.c en collectd 5.7.1 y anteriores permite que atacantes remotos provoquen una denegación de servicio (bucle infinito) de una instancia collectd (configurada con opciones "SecurityLevel None" y con empty "AuthFile") a través de un paquete UDP manipulado. collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service. • http://www.securityfocus.com/bid/97321 https://access.redhat.com/errata/RHSA-2017:1285 https://access.redhat.com/errata/RHSA-2017:1787 https://access.redhat.com/errata/RHSA-2018:2615 https://github.com/collectd/collectd/issues/2174 https://access.redhat.com/security/cve/CVE-2017-7401 https://bugzilla.redhat.com/show_bug.cgi?id=1439674 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.1EPSS: 5%CPEs: 5EXPL: 0CVE-2016-6254
https://notcve.org/view.php?id=CVE-2016-6254
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet. Desbordamiento de búfer basado en memoria dinámica en la función parse_packet en network.c en collectd en versiones anteriores a 5.4.3 y 5.x en versiones anteriores a 5.5.2 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecutar código arbitrario a través de un paquete de red manipulado. • http://collectd.org/news.shtml http://www.debian.org/security/2016/dsa-3636 https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CM4W5SJ4OTBGINGIN4NJLXCUZAZANO6J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZ5UXDOB7BA5NGE2F2I2BL4K6763DHW • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 5%CPEs: 65EXPL: 0CVE-2010-4336
https://notcve.org/view.php?id=CVE-2010-4336
The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4.9.4 and before 4.10.2 allow remote attackers to cause a denial of service (assertion failure) via a packet with a timestamp whose value is 10 or less, as demonstrated by creating RRD files using the (1) RRDtool and (2) RRDCacheD plugins. La función cu_rrd_create_file (src/utils_rrdcreate.c) en collectd v4.x anterior a v4.9.4 y anterior a v4.10.2 permite a atacantes remotos provocar una denegación de servicio (fallo) a través de un paquete con un sellado de tiempo cuyo valor es de 10 o menos, como lo demuestra la creación de archivos RRD mediante la (1) RRDtool y (2) pluggins RRDCacheD. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605092 http://collectd.org/news.shtml#news86 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052875.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://secunia.com/advisories/42393 http://secunia.com/advisories/42491 http://secunia.com/advisories/42846 http://www.debian.org/security/2010/dsa-2133 http://www.securityfocus.com/bid/45075 http://www.vupen.com/english/advisories/ • CWE-399: Resource Management Errors •