PT-2019-17779 · Freebsd · Bsnmp+2

Published: 2019-08-06
Updated: 2023-01-31

CVE-2019-5610

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

FreeBSD versions 12.0-STABLE before r350637
FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p9
FreeBSD versions 11.3-STABLE before r350638
FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p2
FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p13

Description

The bsnmp library improperly validates the length submitted in a type-length-value encoding. A remote user could use this to cause an out-of-bounds read or to crash software that uses the library, such as bsnmpd, resulting in a denial of service.
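
The class of check the description refers to, shown as an added example (not code from bsnmp or from the FreeBSD advisory): a parser for one type-length-value element that rejects a declared length larger than the bytes actually received. The BER-style length octets and all names (`tlv_parse`, `struct tlv`) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; not taken from the bsnmp sources. */
struct tlv {
    uint8_t        type;
    size_t         len;    /* declared value length, already validated */
    const uint8_t *value;  /* points into the caller's buffer */
};

/* Returns bytes consumed (header + value), or 0 if the element is malformed
 * or its declared length runs past the end of buf. */
size_t tlv_parse(const uint8_t *buf, size_t buflen, struct tlv *out)
{
    size_t pos = 0, len = 0;

    if (buflen < 2)
        return 0;
    out->type = buf[pos++];
    uint8_t first = buf[pos++];
    if ((first & 0x80) == 0) {
        len = first;                       /* short form: 0..127 */
    } else {
        size_t n = first & 0x7f;           /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t) || n > buflen - pos)
            return 0;                      /* indefinite, oversized or truncated */
        while (n-- > 0)
            len = (len << 8) | buf[pos++];
    }
    /* Compare against the bytes left; buflen - pos cannot wrap, pos + len could. */
    if (len > buflen - pos)
        return 0;
    out->len = len;
    out->value = buf + pos;
    return pos + len;
}

/* Constructed sample inputs. */
static const uint8_t ok_msg[]  = { 0x04, 0x03, 'a', 'b', 'c' };
static const uint8_t bad_msg[] = { 0x04, 0x82, 0xff, 0xff, 'a' }; /* claims 65535, carries 1 */

int main(void)
{
    struct tlv t;
    printf("ok:  %zu\n", tlv_parse(ok_msg, sizeof ok_msg, &t));
    printf("bad: %zu\n", tlv_parse(bad_msg, sizeof bad_msg, &t));
    return 0;
}
```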

Recommendations

For FreeBSD versions 12.0-STABLE before r350637, update to a version after r350637.
For FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p9, update to 12.0-RELEASE-p9 or later.
For FreeBSD versions 11.3-STABLE before r350638, update to a version after r350638.
For FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p2, update to 11.3-RELEASE-p2 or later.
For FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p13, update to 11.2-RELEASE-p13 or later.

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2019-5610
FREEBSD-SA-19_20

Affected Products

Freebsd
Bsnmp
Bsnmpd