Vulnerability Details : CVE-2005-2177
Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2005-2177
Probability of exploitation activity in the next 30 days: 10.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-2177
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2005-2177
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-2177
-
http://www.ubuntu.com/usn/usn-190-1
-
http://www.vupen.com/english/advisories/2007/1883
Vendor Advisory
- http://www.securityfocus.com/archive/1/451419/100/200/threaded
-
http://www.vupen.com/english/advisories/2006/4677
Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2005-720.html
- http://www.securityfocus.com/archive/1/451404/100/0/threaded
-
http://sourceforge.net/mailarchive/forum.php?thread_id=7659656&forum_id=12455
Patch
- http://www.vmware.com/download/esx/esx-254-200610-patch.html
- http://www.novell.com/linux/security/advisories/2007_13_sr.html
- http://www.securityfocus.com/archive/1/451417/100/200/threaded
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9986
-
http://www.vupen.com/english/advisories/2006/4502
Vendor Advisory
- http://www.novell.com/linux/security/advisories/2005_24_sr.html
-
http://www.securityfocus.com/bid/21256
- http://www.vmware.com/download/esx/esx-202-200610-patch.html
-
http://www.net-snmp.org/about/ChangeLog.html
- http://www.vmware.com/download/esx/esx-213-200610-patch.html
-
http://support.avaya.com/elmodocs2/security/ASA-2005-225.pdf
- http://www.securityfocus.com/archive/1/451426/100/200/threaded
- http://www.redhat.com/support/errata/RHSA-2005-395.html
-
http://www.securityfocus.com/bid/14168
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102725-1
- http://www.novell.com/linux/security/advisories/2007_12_sr.html
-
http://www.trustix.org/errata/2005/0034/
Patch;Vendor Advisory
-
http://www.debian.org/security/2005/dsa-873
-
http://securitytracker.com/id?1017273
- http://www.redhat.com/support/errata/RHSA-2005-373.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:025
Products affected by CVE-2005-2177
- cpe:2.3:a:net-snmp:net-snmp:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.4_pre2:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0:*:*:*:*:*:*:*