CVE-2014-3565

Summary

CVE	CVE-2014-3565
State	PUBLISHED
Assigner	redhat
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-10-07 14:55:04 UTC
Updated	2026-05-06 22:30:45 UTC
Description	snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

Risk And Classification

Primary CVSS: v2.0 5 from [email protected]

AV:N/AC:L/Au:N/C:N/I:N/A:P

Problem Types: CWE-399 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Mac Os X	10.11.0	All	All	All
Operating System	Canonical	Ubuntu Linux	12.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	15.04	All	All	All
Application	Net-snmp	Net-snmp	5.0	All	All	All
Application	Net-snmp	Net-snmp	5.0.1	All	All	All
Application	Net-snmp	Net-snmp	5.0.2	All	All	All
Application	Net-snmp	Net-snmp	5.0.3	All	All	All
Application	Net-snmp	Net-snmp	5.0.4	All	All	All
Application	Net-snmp	Net-snmp	5.0.5	All	All	All
Application	Net-snmp	Net-snmp	5.0.6	All	All	All
Application	Net-snmp	Net-snmp	5.0.7	All	All	All
Application	Net-snmp	Net-snmp	5.0.8	All	All	All
Application	Net-snmp	Net-snmp	5.0.9	All	All	All
Application	Net-snmp	Net-snmp	5.1	All	All	All
Application	Net-snmp	Net-snmp	5.1.2	All	All	All
Application	Net-snmp	Net-snmp	5.2	All	All	All
Application	Net-snmp	Net-snmp	5.3	All	All	All
Application	Net-snmp	Net-snmp	5.3.0.1	All	All	All
Application	Net-snmp	Net-snmp	5.4	All	All	All
Application	Net-snmp	Net-snmp	5.5	All	All	All
Application	Net-snmp	Net-snmp	5.6	All	All	All
Application	Net-snmp	Net-snmp	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Net-SNMP snmptrapd CVE-2014-3565 Remote Denial of Service Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
About the security content of OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks - Apple Support	af854a3a-2127-422b-91ae-364da2661108	support.apple.com	Vendor Advisory
openSUSE-SU-2014:1108-1: moderate: net-snmp: fix for remote denial of se	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
Gentoo Security	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org
net-snmp / Code / Commit [7f4a7b]	af854a3a-2127-422b-91ae-364da2661108	sourceforge.net	Exploit
USN-2711-1: Net-SNMP vulnerabilities \| Ubuntu	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com
Oracle Linux Bulletin - October 2015	af854a3a-2127-422b-91ae-364da2661108	www.oracle.com
Red Hat Customer Portal	af854a3a-2127-422b-91ae-364da2661108	rhn.redhat.com
Bug 1125155 – CVE-2014-3565 net-snmp: snmptrapd crash when handling an SNMP trap containing a ifMtu with a NULL type	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com	Vendor Advisory
net-snmp / Official Patches / #48 Official patch for CVE-2014-3565	af854a3a-2127-422b-91ae-364da2661108	sourceforge.net	Patch
Red Hat Customer Portal	MITRE	access.redhat.com
Red Hat Customer Portal	MITRE	access.redhat.com
CVE-2014-3565 - Red Hat Customer Portal	MITRE	access.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)