cve/2015/CVE-2015-5621.md

CVE-2015-5621

Description

The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.

POC

Reference

• https://sourceforge.net/p/net-snmp/bugs/2615/
• https://www.exploit-db.com/exploits/45547/

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/crazy-max/docker-snmpd