CVE-2014-1452

Name of the Vulnerable Software and Affected Versions bsnmpd versions 8.3 through 10.0

Description The issue is a stack-based buffer overflow in the lib/snmpagent.c file of bsnmpd, which can be exploited by remote attackers. This is achieved by sending a crafted GETBULK PDU request, potentially allowing the execution of arbitrary code and causing a denial of service in the form of a daemon crash.

Recommendations For versions 8.3 through 10.0, consider restricting access to the vulnerable lib/snmpagent.c file until a patch is available. As a temporary workaround, avoid using the GETBULK PDU request in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.