Red Hat Bugzilla – Bug 1070396
CVE-2014-2284 net-snmp: denial of service flaw in Linux implementation of ICMP-MIB
Last modified: 2015-11-24 10:45:09 EST
It was reported that Net-SNMP releases 5.5 through 5.7.2 were vulnerable to a potential remotely-triggerable denial of service attack on the Linux platform, when the ICMP-MIB is in use. Net-SNMP 5.4.x users, and those who do not make use of the ICMP-MIB table objects, are not vulnerable.
This is fixed in git.
Created attachment 868119
upstream patch to correct the flaw
I don't like sourceforge's web interface to git so this is the actual patch in a useable form.
Created net-snmp tracking bugs for this issue:
Affects: fedora-all [bug 1071753]
MITRE assigned CVE-2014-2284 to this issue:
net-snmp-5.7.2-17.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
net-snmp-5.7.2-14.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2014:0321 https://rhn.redhat.com/errata/RHSA-2014-0321.html
Not vulnerable. This issue did not affect the versions of net-snmp as shipped with Red Hat Enterprise Linux 5.