Date: Wed, 15 Nov 2017 21:37:35 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: collectd: CVE-2017-16820: snmp-plugin: double free of request PDU

On Wed, Nov 15, 2017 at 09:30:40PM +0100, Salvatore Bonaccorso wrote:
> Hi
> 
> Collectd's snmp-plugin is prone to a double free vulnerability. This
> issue was made aware to the Debian security team, but turned out to be
> public already in. MITRE has assigned CVE-2017-16820 for it. The snmp
> plugin contains a double-free vulnerability in the
> snmp_sess_synch_response() function. Commit message:

Should have read csnmp_read_table, not snmp_sess_synch_response.

Regards,
Salvatore
