CVE-2019-5610

Published: Aug 30, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service.

Affected (25)

Products: Freebsd: Freebsd · Netapp: Clustered Data Ontap

1 product

1 product

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Freebsd Freebsd	Version 11.2
Freebsd Freebsd	Version 11.2 p10
Freebsd Freebsd	Version 11.2 p11
Freebsd Freebsd	Version 11.2 p12
Freebsd Freebsd	Version 11.2 p13
Freebsd Freebsd	Version 11.2 p2
Freebsd Freebsd	Version 11.2 p3
Freebsd Freebsd	Version 11.2 p4
Freebsd Freebsd	Version 11.2 p5
Freebsd Freebsd	Version 11.2 p6
Freebsd Freebsd	Version 11.2 p7
Freebsd Freebsd	Version 11.2 p8
Freebsd Freebsd	Version 11.2 p9
Freebsd Freebsd	Version 11.3
Freebsd Freebsd	Version 11.3
Freebsd Freebsd	Version 11.3 p1
Freebsd Freebsd	Version 11.3 p2
Freebsd Freebsd	Version 11.3 p3
Freebsd Freebsd	Version 12.0
Freebsd Freebsd	Version 12.0 p1
Freebsd Freebsd	Version 12.0 p3
Freebsd Freebsd	Version 12.0 p4
Freebsd Freebsd	Version 12.0 p5
Freebsd Freebsd	Version 12.0 p8