CVE-2019-5610 - Vulnerability Details

Vendors	Products
Freebsd	Freebsd
Netapp	Clustered Data Ontap

Link	Providers
http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html
https://seclists.org/bugtraq/2019/Aug/6
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc
https://security.netapp.com/advisory/ntap-20190910-0002/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "FreeBSD", "vendor": "n/a", "versions": [{"status": "affected", "version": "12.0-RELEASE before 12.0-RELEASE-p9"}, {"status": "affected", "version": "11.3-RELEASE before 11.3-RELEASE-p2"}, {"status": "affected", "version": "11.2-RELEASE before 11.2-RELEASE-p13"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service."}], "problemTypes": [{"descriptions": [{"description": "Out of bounds read", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-10T14:06:15", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"name": "FreeBSD-SA-19:20", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc"}, {"name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:20.bsnmp", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Aug/6"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2019-5610", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FreeBSD", "version": {"version_data": [{"version_value": "12.0-RELEASE before 12.0-RELEASE-p9"}, {"version_value": "11.3-RELEASE before 11.3-RELEASE-p2"}, {"version_value": "11.2-RELEASE before 11.2-RELEASE-p13"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out of bounds read"}]}]}, "references": {"reference_data": [{"name": "FreeBSD-SA-19:20", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc"}, {"name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:20.bsnmp", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/6"}, {"name": "http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html"}, {"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc", "refsource": "CONFIRM", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc"}, {"name": "https://security.netapp.com/advisory/ntap-20190910-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:51.676Z"}, "title": "CVE Program Container", "references": [{"name": "FreeBSD-SA-19:20", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc"}, {"name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:20.bsnmp", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Aug/6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"}]}]}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2019-5610", "datePublished": "2019-08-29T21:37:28", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2024-08-04T20:01:51.676Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : FreeBSD (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : 12.0-RELEASE before 12.0-RELEASE-p9 (string)

}

1 : { »

status : affected (string)

version : 11.3-RELEASE before 11.3-RELEASE-p2 (string)

}

2 : { »

status : affected (string)

version : 11.2-RELEASE before 11.2-RELEASE-p13 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Out of bounds read (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-09-10T14:06:15 (string)

orgId : 63664ac6-956c-4cba-a5d0-f46076e16109 (string)

shortName : freebsd (string)

}

references : [ »

0 : { »

name : FreeBSD-SA-19:20 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FREEBSD (string)

]

url : https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc (string)

}

1 : { »

name : 20190806 FreeBSD Security Advisory FreeBSD-SA-19:20.bsnmp (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : https://seclists.org/bugtraq/2019/Aug/6 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://security.netapp.com/advisory/ntap-20190910-0002/ (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secteam@freebsd.org (string)

ID : CVE-2019-5610 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : FreeBSD (string)

version : { »

version_data : [ »

0 : { »

version_value : 12.0-RELEASE before 12.0-RELEASE-p9 (string)

}

1 : { »

version_value : 11.3-RELEASE before 11.3-RELEASE-p2 (string)

}

2 : { »

version_value : 11.2-RELEASE before 11.2-RELEASE-p13 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Out of bounds read (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : FreeBSD-SA-19:20 (string)

refsource : FREEBSD (string)

url : https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc (string)

}

1 : { »

name : 20190806 FreeBSD Security Advisory FreeBSD-SA-19:20.bsnmp (string)

refsource : BUGTRAQ (string)

url : https://seclists.org/bugtraq/2019/Aug/6 (string)

}

2 : { »

name : http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html (string)

refsource : MISC (string)

url : http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html (string)

}

3 : { »

name : https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc (string)

refsource : CONFIRM (string)

url : https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc (string)

}

4 : { »

name : https://security.netapp.com/advisory/ntap-20190910-0002/ (string)

refsource : CONFIRM (string)

url : https://security.netapp.com/advisory/ntap-20190910-0002/ (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T20:01:51.676Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : FreeBSD-SA-19:20 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FREEBSD (string)

2 : x_transferred (string)

]

url : https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc (string)

}

1 : { »

name : 20190806 FreeBSD Security Advisory FreeBSD-SA-19:20.bsnmp (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : https://seclists.org/bugtraq/2019/Aug/6 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://security.netapp.com/advisory/ntap-20190910-0002/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 63664ac6-956c-4cba-a5d0-f46076e16109 (string)

assignerShortName : freebsd (string)

cveId : CVE-2019-5610 (string)

datePublished : 2019-08-29T21:37:28 (string)

dateReserved : 2019-01-07T00:00:00 (string)

dateUpdated : 2024-08-04T20:01:51.676Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*", "matchCriteriaId": "3ACD1D8D-B3BC-4E99-B846-90A4071DB87B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*", "matchCriteriaId": "0A8A5CDA-E099-47BA-A0C0-2F79C0432156", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p11:*:*:*:*:*:*", "matchCriteriaId": "9AF6EBB1-EADE-41E2-A47B-0EC20F0C9899", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p12:*:*:*:*:*:*", "matchCriteriaId": "63721E89-F453-423F-B34B-07B44C85A052", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:*", "matchCriteriaId": "34134EDA-127A-48E2-B630-94DEF14666A9", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*", "matchCriteriaId": "699FE432-8DF0-49F1-A98B-0E19CE01E5CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*", "matchCriteriaId": "20B06752-39EE-4600-AC1F-69FB9C88E2A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*", "matchCriteriaId": "22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*", "matchCriteriaId": "E86CD544-86C4-4D9D-9CE5-087027509EDA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*", "matchCriteriaId": "64E47AE7-BB45-428E-90E9-38BFDFF23650", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*", "matchCriteriaId": "586B9FA3-65A2-41EB-A848-E4A75565F0CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*", "matchCriteriaId": "1164B48E-2F28-43C5-9B7B-546EAE12E27D", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*", "matchCriteriaId": "F0B15B89-3AD2-4E03-9F47-DA934702187B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "528F64CB-7A82-45C0-87CD-74EB975CC0BC", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*", "matchCriteriaId": "F35957CE-AF9F-40CA-BDD1-FA6A0E73783F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*", "matchCriteriaId": "EA929713-B797-494A-853D-C121D9D69519", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*", "matchCriteriaId": "3C3D8EDC-91D3-45B2-AC1D-EF4346D4A714", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*", "matchCriteriaId": "EA5006FF-06A5-4D95-BF5B-29F26248D11F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*", "matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*", "matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*", "matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*", "matchCriteriaId": "46C5A6FD-7BBF-4E84-9895-8EE14DC846E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*", "matchCriteriaId": "6D71D083-3279-4DF4-91E1-38C373DD062F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*", "matchCriteriaId": "3070787D-76E1-4671-B99D-213F7103B3A2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service."}, {"lang": "es", "value": "En FreeBSD versi\u00f3n 12.0-STABLE anterior a r350637, versi\u00f3n 12.0-RELEASE anterior a 12.0-RELEASE-p9, versi\u00f3n 11.3-STABLE anterior a r350638, versi\u00f3n 11.3-RELEASE anterior a 11.3-RELEASE-p2, y versi\u00f3n 11.2-RELEASE anterior a 11.2-RELEASE-p13, la biblioteca bsnmp no comprueba apropiadamente la longitud enviada desde una codificaci\u00f3n type-length-value. Un usuario remoto podr\u00eda causar una lectura fuera de l\u00edmites o desencadenar un bloqueo del software, tal y como bsnmpd, resultando en una denegaci\u00f3n de servicio."}], "id": "CVE-2019-5610", "lastModified": "2024-11-21T04:45:13.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-30T09:15:20.847", "references": [{"source": "secteam@freebsd.org", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html"}, {"source": "secteam@freebsd.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Aug/6"}, {"source": "secteam@freebsd.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc"}, {"source": "secteam@freebsd.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc"}, {"source": "secteam@freebsd.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Aug/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:* (string)

matchCriteriaId : 3ACD1D8D-B3BC-4E99-B846-90A4071DB87B (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:* (string)

matchCriteriaId : 0A8A5CDA-E099-47BA-A0C0-2F79C0432156 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.2:p11:*:*:*:*:*:* (string)

matchCriteriaId : 9AF6EBB1-EADE-41E2-A47B-0EC20F0C9899 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.2:p12:*:*:*:*:*:* (string)

matchCriteriaId : 63721E89-F453-423F-B34B-07B44C85A052 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:* (string)

matchCriteriaId : 34134EDA-127A-48E2-B630-94DEF14666A9 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:* (string)

matchCriteriaId : 699FE432-8DF0-49F1-A98B-0E19CE01E5CE (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:* (string)

matchCriteriaId : 20B06752-39EE-4600-AC1F-69FB9C88E2A8 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:* (string)

matchCriteriaId : 22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:* (string)

matchCriteriaId : E86CD544-86C4-4D9D-9CE5-087027509EDA (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:* (string)

matchCriteriaId : 64E47AE7-BB45-428E-90E9-38BFDFF23650 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:* (string)

matchCriteriaId : 586B9FA3-65A2-41EB-A848-E4A75565F0CA (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:* (string)

matchCriteriaId : 1164B48E-2F28-43C5-9B7B-546EAE12E27D (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:* (string)

matchCriteriaId : F0B15B89-3AD2-4E03-9F47-DA934702187B (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 528F64CB-7A82-45C0-87CD-74EB975CC0BC (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:* (string)

matchCriteriaId : F35957CE-AF9F-40CA-BDD1-FA6A0E73783F (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:* (string)

matchCriteriaId : EA929713-B797-494A-853D-C121D9D69519 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:* (string)

matchCriteriaId : 3C3D8EDC-91D3-45B2-AC1D-EF4346D4A714 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:* (string)

matchCriteriaId : EA5006FF-06A5-4D95-BF5B-29F26248D11F (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 826B53C2-517F-4FC6-92E8-E7FCB24F91B4 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:* (string)

matchCriteriaId : 93F10A46-AEF2-4FDD-92D6-0CF07B70F986 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:* (string)

matchCriteriaId : C4029113-130F-4A33-A8A0-BC3E74000378 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:* (string)

matchCriteriaId : 46C5A6FD-7BBF-4E84-9895-8EE14DC846E4 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:* (string)

matchCriteriaId : 6D71D083-3279-4DF4-91E1-38C373DD062F (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:* (string)

matchCriteriaId : 3070787D-76E1-4671-B99D-213F7103B3A2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1FE996B1-6951-4F85-AA58-B99A379D2163 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service. (string)

}

1 : { »

lang : es (string)

value : En FreeBSD versión 12.0-STABLE anterior a r350637, versión 12.0-RELEASE anterior a 12.0-RELEASE-p9, versión 11.3-STABLE anterior a r350638, versión 11.3-RELEASE anterior a 11.3-RELEASE-p2, y versión 11.2-RELEASE anterior a 11.2-RELEASE-p13, la biblioteca bsnmp no comprueba apropiadamente la longitud enviada desde una codificación type-length-value. Un usuario remoto podría causar una lectura fuera de límites o desencadenar un bloqueo del software, tal y como bsnmpd, resultando en una denegación de servicio. (string)

}

]

id : CVE-2019-5610 (string)

lastModified : 2024-11-21T04:45:13.927 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-08-30T09:15:20.847 (string)

references : [ »

0 : { »

source : secteam@freebsd.org (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html (string)

}

1 : { »

source : secteam@freebsd.org (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://seclists.org/bugtraq/2019/Aug/6 (string)

}

2 : { »

source : secteam@freebsd.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc (string)

}

3 : { »

source : secteam@freebsd.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc (string)

}

4 : { »

source : secteam@freebsd.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.netapp.com/advisory/ntap-20190910-0002/ (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://seclists.org/bugtraq/2019/Aug/6 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.netapp.com/advisory/ntap-20190910-0002/ (string)

}

]

sourceIdentifier : secteam@freebsd.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-125 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object