// For flags

CVE-2014-3565

net-snmp: snmptrapd crash when handling an SNMP trap containing a ifMtu with a NULL type

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

snmplib/mib.c en net-snmp 5.7.0 y anteriores, cuando la opción -OQ está utilizada, permite a atacantes remotos causar una denegación de servicio (caída de snmptrapd) a través de un mensaje trampa SNMP manipulado, lo que provoca una conversión al tipo de variable designado en el fichero MIB, tal y como fue demostrado por un tipo nulo en un mensaje trampa ifMtu.

A denial of service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-05-14 CVE Reserved
  • 2014-09-25 CVE Published
  • 2024-05-19 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
  • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.11.0
Search vendor "Apple" for product "Mac Os X" and version "10.11.0"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
15.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
<= 5.7.0
Search vendor "Net-snmp" for product "Net-snmp" and version " <= 5.7.0"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.0
Search vendor "Net-snmp" for product "Net-snmp" and version "5.0"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.0.1
Search vendor "Net-snmp" for product "Net-snmp" and version "5.0.1"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.0.2
Search vendor "Net-snmp" for product "Net-snmp" and version "5.0.2"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.0.3
Search vendor "Net-snmp" for product "Net-snmp" and version "5.0.3"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.0.4
Search vendor "Net-snmp" for product "Net-snmp" and version "5.0.4"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.0.5
Search vendor "Net-snmp" for product "Net-snmp" and version "5.0.5"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.0.6
Search vendor "Net-snmp" for product "Net-snmp" and version "5.0.6"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.0.7
Search vendor "Net-snmp" for product "Net-snmp" and version "5.0.7"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.0.8
Search vendor "Net-snmp" for product "Net-snmp" and version "5.0.8"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.0.9
Search vendor "Net-snmp" for product "Net-snmp" and version "5.0.9"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.1
Search vendor "Net-snmp" for product "Net-snmp" and version "5.1"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.1.2
Search vendor "Net-snmp" for product "Net-snmp" and version "5.1.2"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.2
Search vendor "Net-snmp" for product "Net-snmp" and version "5.2"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.3
Search vendor "Net-snmp" for product "Net-snmp" and version "5.3"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.3.0.1
Search vendor "Net-snmp" for product "Net-snmp" and version "5.3.0.1"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.4
Search vendor "Net-snmp" for product "Net-snmp" and version "5.4"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.5
Search vendor "Net-snmp" for product "Net-snmp" and version "5.5"
-
Affected
Net-snmp
Search vendor "Net-snmp"
Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
5.6
Search vendor "Net-snmp" for product "Net-snmp" and version "5.6"
-
Affected