CVE-2014-2310

Description

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.

How to fix CVE-2014-2310

To remediate CVE-2014-2310, upgrade the affected package to a fixed version below.

• Debian/net-snmp—upgrade to 5.7.2~dfsg-3 or later

Is CVE-2014-2310 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 5.7.2~dfsg-3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-2310