Vulnerabilities > CVE-2020-6060 - Out-of-bounds Write vulnerability in Minisnmpd Project Minisnmpd 1.4

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
minisnmpd-project
CWE-787
NVD
Published: 2020-02-04
Updated: 2024-11-21

Summary

A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple connections to the server.

Vulnerable Configurations

Part Description Count
Application
Minisnmpd_Project
1

Common Weakness Enumeration (CWE)

Talos

idTALOS-2019-0977
last seen2020-02-12
published2020-02-03
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0977
titleMini-SNMPD socket disconnect denial-of-service vulnerability

References