[Pkg-net-snmp-devel] Bug#482333: net-snmp: CVE-2008-2292 buffer overflow in __snprint_value function

Nico Golde nion at debian.org
Wed May 21 21:43:13 UTC 2008

Source: net-snmp
Version: 5.2.0-1
Severity: grave
Tags: security patch

the following CVE (Common Vulnerabilities & Exposures) id was
published for net-snmp.

| Buffer overflow in the __snprint_value function in snmp_get in
| Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows
| remote attackers to cause a denial of service (crash) and possibly
| execute arbitrary code via a large OCTETSTRING in an attribute value
| pair (AVP).

Patch for 5.4 branch:

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292

Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-net-snmp-devel/attachments/20080521/f7e8b176/attachment.pgp 

More information about the Pkg-net-snmp-devel mailing list