CVE-2014-2285

Summary

CVE	CVE-2014-2285
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-04-27 22:55:00 UTC
Updated	2016-12-08 03:05:00 UTC
Description	The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Net-snmp	Net-snmp	All	pre1	All	All

References

Reference	Source	Link	Tags
openSUSE-SU-2014:0398-1: moderate: net-snmp: security fixes for remote d	SUSE	lists.opensuse.org
1072778 – (CVE-2014-2285) CVE-2014-2285 net-snmp: snmptrapd crash when using a trap with empty community string	CONFIRM	bugzilla.redhat.com
Red Hat Customer Portal	REDHAT	rhn.redhat.com
1072044 – snmptrapd segfaults under specific conditions	CONFIRM	bugzilla.redhat.com	Vendor Advisory
Gentoo Linux Documentation -- Net-SNMP: Denial of Service	GENTOO	www.gentoo.org
NULL and sv_setpv vs. newSVpv - nntp.perl.org	MISC	www.nntp.perl.org
comments.gmane.org \| 522: Connection timed out	MLIST	comments.gmane.org
Security Advisory SA59974 - Gentoo update for net-snmp - Secunia	SECUNIA	secunia.com
openSUSE-SU-2014:0399-1: moderate: net-snmp: security fixes for remote d	SUSE	lists.opensuse.org
net-snmp / Patches / #1275 Perl Trap Handler Segfault	CONFIRM	sourceforge.net
Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView	CONFIRM	kb.juniper.net
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.