oss-sec mailing list archives

Re: collectd: CVE-2017-16820: snmp-plugin: double free of request PDU


From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 15 Nov 2017 21:37:35 +0100

On Wed, Nov 15, 2017 at 09:30:40PM +0100, Salvatore Bonaccorso wrote:
> Hi
>
> Collectd's snmp-plugin is prone to a double free vulnerability. This
> issue was made aware to the Debian security team, but turned out to be
> public already in. MITRE has assigned CVE-2017-16820 for it. The snmp
> plugin contains a double-free vulnerability in the
> snmp_sess_synch_response() function. Commit message:

Should have read csnmp_read_table, not snmp_sess_synch_response.

Regards,
Salvatore

