ID CVE-2017-16820
Summary The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).
References
Vulnerable Configurations
  • collectd 5.4.2
    cpe:2.3:a:collectd:collectd:5.4.2
  • collectd 5.5.1
    cpe:2.3:a:collectd:collectd:5.5.1
CVSS
Base: 10.0
Impact:
Exploitability:
CWE CWE-415
CAPEC
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-D7AB32CC23.NASL
    description Upstream released new version. See https://collectd.org/news.shtml#news106 for the list of changes. Fixes CVE-2017-16820 (double free in snmp plugin) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 105137
    published 2017-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105137
    title Fedora 25 : collectd (2017-d7ab32cc23)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201803-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201803-10 (collectd: Multiple vulnerabilities) Multiple vulnerabilities have been found in Gentoo’s collectd package. Please review the referenced CVE identifiers and bug entries for details. Impact : A local attacker, who either is already collectd’s system user or belongs to collectd’s group, could potentially gain root privileges and cause a Denial of Service condition. Remote attackers could cause a Denial of Service condition via specially crafted SNMP responses. Workaround : There is no known workaround at this time.
    last seen 2018-03-24
    modified 2018-03-22
    plugin id 108525
    published 2018-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108525
    title GLSA-201803-10 : collectd: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-F47206EAE4.NASL
    description Upstream released new version. See https://collectd.org/news.shtml#news106 for the list of changes. Fixes CVE-2017-16820 (double free in snmp plugin) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 106005
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106005
    title Fedora 27 : collectd (2017-f47206eae4)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-F9CFCEF9D6.NASL
    description Upstream released new version. See https://collectd.org/news.shtml#news106 for the list of changes. Fixes CVE-2017-16820 (double free in snmp plugin) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 105139
    published 2017-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105139
    title Fedora 26 : collectd (2017-f9cfcef9d6)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-940.NASL
    description Double free in csnmp_read_table function in snmp.c : The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). (CVE-2017-16820)
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 105620
    published 2018-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105620
    title Amazon Linux AMI : collectd (ALAS-2018-940)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0560.NASL
    description An update for collectd is now available for RHEV 4.X RHEV-H and Agents for RHEL-7 and RHEV Engine version 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files (creating them if necessary). Because the daemon does not start up each time it updates files, it has a low system footprint. The following packages have been upgraded to a later upstream version: collectd (5.8.0). (BZ#1544653) Security Fix(es) : * collectd: double free in csnmp_read_table function in snmp.c (CVE-2017-16820) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2018-03-30
    modified 2018-03-28
    plugin id 108683
    published 2018-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108683
    title RHEL 7 : collectd (RHSA-2018:0560)
redhat via4
advisories
  • rhsa
    id RHSA-2018:0252
  • rhsa
    id RHSA-2018:0299
  • rhsa
    id RHSA-2018:0560
  • rhsa
    id RHSA-2018:1605
refmap via4
confirm
gentoo GLSA-201803-10
Last major update 14-11-2017 - 16:29
Published 14-11-2017 - 16:29
Last modified 19-05-2018 - 21:29
Back to Top