CVE-2017-16820

Current Description

The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).

Basic Data

Published: November 14, 2017
Last Modified: September 04, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-415
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack Vector: NETWORK
CVSS 3 - Attack Complexity: LOW
CVSS 3 - Privileges Required: NONE
CVSS 3 - User Interaction: NONE
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: HIGH
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 9.8
CVSS 3 - Base Severity: CRITICAL
Exploitability Score: 3.9
Base Severity: CRITICAL

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Collectd
    Product: Collectd
    Version: *
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including / Version End Including / Version Start Excluding / Version End Excluding: 5.6.3

Vulnerable Software List

Vendor: Collectd
Product: Collectd
Versions: *

References

Name | Source | URL | Tags
RHSA-2018:0252 | REDHAT | https://access.redhat.com/errata/RHSA-2018:0252 |
RHSA-2018:0299 | REDHAT | https://access.redhat.com/errata/RHSA-2018:0299 |
RHSA-2018:0560 | REDHAT | https://access.redhat.com/errata/RHSA-2018:0560 |
RHSA-2018:1605 | REDHAT | https://access.redhat.com/errata/RHSA-2018:1605 |
RHSA-2018:2615 | REDHAT | https://access.redhat.com/errata/RHSA-2018:2615 |
https://bugs.debian.org/881757 | CONFIRM | https://bugs.debian.org/881757 | Issue Tracking, Third Party Advisory
https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47 | CONFIRM | https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47 | Issue Tracking, Patch, Third Party Advisory
https://github.com/collectd/collectd/issues/2291 | CONFIRM | https://github.com/collectd/collectd/issues/2291 | Issue Tracking, Third Party Advisory
https://github.com/collectd/collectd/releases/tag/collectd-5.6.3 | CONFIRM | https://github.com/collectd/collectd/releases/tag/collectd-5.6.3 | Issue Tracking, Third Party Advisory
GLSA-201803-10 | GENTOO | https://security.gentoo.org/glsa/201803-10 |