net-snmp-5.7.2: fix CVE-2014-2285 (9747141c) · Commits · poplar / meta-openembedded

Commit 9747141c authored May 09, 2014 by

yzhu1 Committed by Joe MacDonald May 09, 2014

net-snmp-5.7.2: fix CVE-2014-2285

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs
in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions,
allows remote attackers to cause a denial of service (snmptrapd
crash) via an empty community string in an SNMP trap, which triggers
a NULL pointer dereference within the newSVpv function in Perl.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2285


Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>

parent 7361149c

Hide whitespace changes

Inline Side-by-side

Please register or to comment

Admin message

net-snmp-5.7.2: fix CVE-2014-2285