Vulnerabilities > Collectd

DATE CVE VULNERABILITY TITLE RISK
2018-03-19 CVE-2017-18240 Improper Input Validation vulnerability in Collectd
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).
local
low complexity
collectd CWE-20
5.5
2017-11-14 CVE-2017-16820 Double Free vulnerability in Collectd
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).
network
low complexity
collectd CWE-415
critical
9.8
2017-04-03 CVE-2017-7401 Infinite Loop vulnerability in Collectd
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.
network
low complexity
collectd CWE-835
7.5
2016-08-19 CVE-2016-6254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.
network
low complexity
debian collectd fedoraproject CWE-119
critical
9.1