CVE-2014-2285

net-snmp: snmptrapd crash when using a trap with empty community string

Severity Score

10.0

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.

La función perl_trapd_handler en perl/TrapReceiver/TrapReceiver.xs en Net-SNMP 5.7.3.pre3 y anteriores, cuando utiliza ciertas versiones Perl, permite a atacantes remotos causar una denegación de servicio (caída de snmptrapd) a través de una cadena de comunidad vacía en una trampa SNMP, lo que provoca una referencia a puntero nulo dentro de la función newSVpv en Perl.

Remotely exploitable denial of service vulnerability in Net-SNMP, in the Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it is making use of the ICMP-MIB table objects. Remotely exploitable denial of service vulnerability in Net-SNMP, in snmptrapd, due to how it handles trap requests with an empty community string when the perl handler is enabled. A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the -OQ option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-03-05 CVE Reserved
2014-03-13 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (12)

URL	Tag	Source
http://comments.gmane.org/gmane.comp.security.oss.general/12284	Mailing List
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	X_refsource_confirm
http://secunia.com/advisories/59974	Third Party Advisory
http://sourceforge.net/p/net-snmp/patches/1275	X_refsource_confirm
http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html	2016-12-08
http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html	2016-12-08
http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml	2016-12-08
https://bugzilla.redhat.com/show_bug.cgi?id=1072044	2016-12-08
https://bugzilla.redhat.com/show_bug.cgi?id=1072778	2014-03-24
https://rhn.redhat.com/errata/RHSA-2014-0322.html	2016-12-08
https://access.redhat.com/security/cve/CVE-2014-2285	2014-03-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Net-snmp Search vendor "Net-snmp"		Net-snmp Search vendor "Net-snmp" for product "Net-snmp"				<= 5.7.3 Search vendor "Net-snmp" for product "Net-snmp" and version " <= 5.7.3"		pre1		Affected