CVE-2014-3565
EPSS 7.5%
Description
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
How to fix CVE-2014-3565
To remediate CVE-2014-3565, upgrade the affected package to the fixed version listed below.
- Debian/net-snmp: upgrade to 5.7.2.1~dfsg-7 or later
Is CVE-2014-3565 being exploited?
Moderate — EPSS is 7.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- Debian/net-snmp: from 0, < 5.7.2.1~dfsg-7