FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Insufficient message length validation in bsnmp library

Affected packages
12.0 <= FreeBSD < 12.0_9
11.3 <= FreeBSD < 11.3_2
11.2 <= FreeBSD < 11.2_13

Details

VuXML ID 45a95fdd-f680-11e9-a87f-a4badb2f4699
Discovery 2019-08-06
Entry 2019-10-24

Problem Description:

A function extracting the length from type-length-value encoding is not properly validating the submitted length.

Impact:

A remote user could cause, for example, an out-of-bounds read, decoding of unrelated data, or trigger a crash of the software such as bsnmpd resulting in a denial of service.

References

CVE Name CVE-2019-5610
FreeBSD Advisory SA-19:20.bsnmp