Bug 1516447 (CVE-2017-16820) - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c
Summary: CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c
Status: CLOSED ERRATA
Alias: CVE-2017-16820
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20171114,repor...
Keywords: Security
Depends On: 1558834 1558835 1516449 1516450 1516451 1517567 1517568 1540409 1541204 1550290 1558823
Blocks: 1516452
TreeView+ depends on / blocked
 
Reported: 2017-11-22 16:07 UTC by Pedro Sampaio
Modified: 2019-06-11 11:13 UTC (History)
35 users (show)

(edit)
A double-free vulnerability was found in the csnmp_read_table function in the SNMP plugin of collectd. A network-based attacker could exploit this by sending malformed data, causing collectd to crash or possibly other impact.
Clone Of:
(edit)
Last Closed: 2019-06-08 03:31:46 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0252 normal SHIPPED_LIVE Moderate: collectd security update 2018-01-31 02:08:56 UTC
Red Hat Product Errata RHSA-2018:0299 normal SHIPPED_LIVE Moderate: collectd security update 2018-02-13 21:13:11 UTC
Red Hat Product Errata RHSA-2018:0560 None None None 2018-03-20 16:36 UTC
Red Hat Product Errata RHSA-2018:1605 None None None 2018-05-17 15:26 UTC
Red Hat Product Errata RHSA-2018:2615 None None None 2018-09-04 06:39 UTC

Description Pedro Sampaio 2017-11-22 16:07:48 UTC
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).

Upstream bug:

https://github.com/collectd/collectd/issues/2291

Upstream patch:

https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47

References:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881757

Comment 1 Pedro Sampaio 2017-11-22 16:08:51 UTC
Created collectd tracking bugs for this issue:

Affects: epel-6 [bug 1516449]
Affects: epel-7 [bug 1516450]
Affects: fedora-all [bug 1516451]

Comment 2 Joshua Padman 2017-11-23 05:59:38 UTC
Versions 5.7.x are vulnerable too.

Conditions exist in OSP11/12 package collectd-5.7.2-1.1.el7ost. Still completing analysis.

Comment 3 Joshua Padman 2017-11-24 05:59:18 UTC
Still determining severity for OSP. collectd was tech preview in 7-9 so marking won't fix for those.

Comment 4 Joshua Padman 2017-11-26 22:10:26 UTC
collectd is in tech preview in OSP10 as well, marked accordingly.

Fixing in OSP11-12 partly because the security risk but also as a reasonable use case also has potential to crash the application.

Comment 6 errata-xmlrpc 2018-01-30 21:08:27 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 12.0 Operational Tools for RHEL 7

Via RHSA-2018:0252 https://access.redhat.com/errata/RHSA-2018:0252

Comment 10 errata-xmlrpc 2018-02-13 16:12:39 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 11.0 Operational Tools for RHEL 7

Via RHSA-2018:0299 https://access.redhat.com/errata/RHSA-2018:0299

Comment 13 errata-xmlrpc 2018-03-20 16:35:43 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for RHEL-7
  Red Hat Virtualization Engine 4.1

Via RHSA-2018:0560 https://access.redhat.com/errata/RHSA-2018:0560

Comment 16 errata-xmlrpc 2018-05-17 15:26:16 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 Operational Tools for RHEL 7

Via RHSA-2018:1605 https://access.redhat.com/errata/RHSA-2018:1605

Comment 18 errata-xmlrpc 2018-09-04 06:39:04 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.4 for RHEL 7

Via RHSA-2018:2615 https://access.redhat.com/errata/RHSA-2018:2615


Note You need to log in before you can comment on or make changes to this bug.