Vincent Bernat

**Name of the Vulnerable Software and Affected Versions** Net-SNMP versions prior to 5.4.4 **Description** The issue allows remote attackers to cause a denial of service by sending a multi-object request with an Object ID containing more subids than previous requests. **Recommendations** For versions prior to 5.4.4, update to version 5.4.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** pimd versions 2.1.5 and earlier **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on certain files when specific signals are sent. This can occur with `pimd.dump` when a USR1 signal is sent, or with `pimd.cache` when a USR2 signal is sent. **Recommendations** For versions 2.1.5 and earlier, consider restricting access to the USR1 and USR2 signals to prevent exploitation. Additionally, as a temporary workaround, consider implementing file system permissions to limit the ability to overwrite arbitrary files.