CVE-2014-2310

EUVD-2014-2348
The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
net-snmpnet-snmp
𝑥
≤ 5.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
net-snmp
bookworm
5.9.3+dfsg-2
fixed
bullseye
5.9+dfsg-4+deb11u1
fixed
bullseye (security)
5.9+dfsg-4+deb11u1
fixed
sid
5.9.4+dfsg-1.1
fixed
squeeze
no-dsa
trixie
5.9.4+dfsg-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
net-snmp
lucid
Fixed 5.4.2.1~dfsg0ubuntu1-0ubuntu2.3
released
precise
Fixed 5.4.3~dfsg-2.4ubuntu1.2
released
quantal
Fixed 5.4.3~dfsg-2.5ubuntu1.1
released
saucy
not-affected
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2014/q1/513
http://seclists.org/oss-sec/2014/q1/527
http://secunia.com/advisories/57870
http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd/
http://sourceforge.net/p/net-snmp/patches/1113/
http://ubuntu.com/usn/usn-2166-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388
http://seclists.org/oss-sec/2014/q1/513
http://seclists.org/oss-sec/2014/q1/527
http://secunia.com/advisories/57870
http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd/
http://sourceforge.net/p/net-snmp/patches/1113/
http://ubuntu.com/usn/usn-2166-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388