The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and previous versions does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
net-snmp net-snmp |