MNBSD-2019-3: Insufficient length validation in bsnmp TLV decoding

Severity: Unknown

Affected Package: bsnmp

Summary: Insufficient length validation in bsnmp TLV decoding

Description

A function in the bsnmp library that extracts the length from type-length-value (TLV) encoding does not properly validate the submitted length. A remote user could cause an out-of-bounds read, decoding of unrelated data, or a crash of software such as bsnmpd, resulting in a denial of service.

Affected Versions

bsnmp

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2019-5610

Published: August 08, 2019
Last Modified: August 08, 2019