ALT-PU-2017-1998-1
Closed vulnerabilities
Published: 2017-05-19
BDU:2017-02653
Уязвимость функции csnmp_read_table (snmp.c) SNMP-плагина демона Сollectd, позволяющая нарушителю вызвать аварийное завершение работы приложения
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2017-11-15
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-16820
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- RHSA-2018:0252
- RHSA-2018:0252
- RHSA-2018:0299
- RHSA-2018:0299
- RHSA-2018:0560
- RHSA-2018:0560
- RHSA-2018:1605
- RHSA-2018:1605
- RHSA-2018:2615
- RHSA-2018:2615
- https://bugs.debian.org/881757
- https://bugs.debian.org/881757
- https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47
- https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47
- https://github.com/collectd/collectd/issues/2291
- https://github.com/collectd/collectd/issues/2291
- https://github.com/collectd/collectd/releases/tag/collectd-5.6.3
- https://github.com/collectd/collectd/releases/tag/collectd-5.6.3
- GLSA-201803-10
- GLSA-201803-10
Published: 2017-04-03
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-7401
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References: