Skip to main content

Net Snmp CVE-2014-2285

MEDIUM
Improper Input Validation (CWE-20)
2014-04-27 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Apr 27, 2014 - 22:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.

AnalysisAI

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. Affected products include: Net-Snmp.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-5621 HIGH POC
7.5 Aug 19

The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnm

CVE-2018-1000116 CRITICAL POC
9.8 Mar 07

NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command e

CVE-2012-6151 MEDIUM POC
4.3 Dec 13

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote at

CVE-2018-18066 HIGH POC
7.5 Oct 08

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an un

CVE-2014-3565 MEDIUM POC
5.0 Oct 07

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of s

CVE-2022-44793 MEDIUM POC
6.5 Nov 07

handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Excepti

CVE-2022-44792 MEDIUM POC
6.5 Nov 07

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug

CVE-2018-18065 MEDIUM POC
6.5 Oct 08

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by

CVE-2020-15862 HIGH
7.8 Aug 20

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability

CVE-2020-15861 HIGH
7.8 Aug 20

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. Rated high sev

CVE-2014-2284 MEDIUM
5.0 Mar 24

The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1

CVE-2014-2310 MEDIUM
5.0 Apr 17

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a mu

Share

CVE-2014-2285 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy