oss-sec mailing list archives
Re: collectd: CVE-2017-16820: snmp-plugin: double free of request PDU
From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 15 Nov 2017 21:37:35 +0100
On Wed, Nov 15, 2017 at 09:30:40PM +0100, Salvatore Bonaccorso wrote:
Hi Collectd's snmp-plugin is prone to a double free vulnerability. This issue was made aware to the Debian security team, but turned out to be public already in. MITRE has assigned CVE-2017-16820 for it. The snmp plugin contains a double-free vulnerability in the snmp_sess_synch_response() function. Commit message:
Should have read csnmp_read_table, not snmp_sess_synch_response. Regards, Salvatore