net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.
An attacker sends a specially crafted network packet to the running snmptrapd daemon. The daemon improperly handles incoming data, leading to a buffer overflow (CWE-119). As a result, the daemon crashes. The vulnerability does not require any user interaction or system privileges.
An attacker can cause the snmptrapd daemon to crash, resulting in loss of availability of the SNMP monitoring system. Due to the critical CVSS score including high ratings for confidentiality and integrity, the vulnerability may potentially enable arbitrary code execution.
net-snmp should be updated to version 5.9.5 or 5.10.pre2, in which the bug has been fixed. Debian Linux users should apply updates available through the official distribution repositories. As a temporary workaround, it is recommended to restrict network access to the snmptrapd daemon port only to trusted hosts using firewall rules.
net-snmp in versions prior to 5.9.5 and prior to 5.10.pre2, including packages provided by Debian Linux
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDebian
OSDebian11.0Net Snmp
APPNet-Snmp5.10< 5.9.5
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki