CVE-2014-2310

Publication date 10 March 2014

Last updated 24 July 2024

Ubuntu priority

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
net-snmp	13.10 saucy	Not affected
	12.10 quantal	Fixed 5.4.3~dfsg-2.5ubuntu1.1
	12.04 LTS precise	Fixed 5.4.3~dfsg-2.4ubuntu1.2
	10.04 LTS lucid	Fixed 5.4.2.1~dfsg0ubuntu1-0ubuntu2.3

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
net-snmp	Upstream: http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd/

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2166-1
Net-SNMP vulnerabilities
14 April 2014

Other references

http://seclists.org/oss-sec/2014/q1/513
https://www.cve.org/CVERecord?id=CVE-2014-2310