mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

net-snmp: Fix for CVE-2025-68615

Browse Source 
Upstream-Status: Backport from https://github.com/net-snmp/net-snmp/commit/b4e6f826d9ddcc2d72eac432746807e1234266db

Reference: https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Vijay Anusuri
2026-01-07 21:01:25 +05:30
committed by Gyorgy Sarvari
parent 53abba638b
commit 42e868a468
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2025-68615.patch
+33
View File
@@ -0,0 +1,33 @@
From b4e6f826d9ddcc2d72eac432746807e1234266db Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sun, 2 Nov 2025 14:48:55 -0800
Subject: [PATCH] snmptrapd: Fix out-of-bounds trapOid[] accesses
Fixes: https://issues.oss-fuzz.com/issues/457106694
Fixes: https://issues.oss-fuzz.com/issues/458668421
Fixes: https://issues.oss-fuzz.com/issues/458876071
Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/b4e6f826d9ddcc2d72eac432746807e1234266db]
CVE: CVE-2025-68615
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
apps/snmptrapd_handlers.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/apps/snmptrapd_handlers.c b/apps/snmptrapd_handlers.c
index 6cd126f266..afd93ed0fb 100644
--- a/apps/snmptrapd_handlers.c
+++ b/apps/snmptrapd_handlers.c
@@ -1112,6 +1112,12 @@ snmp_input(int op, netsnmp_session *session,
*/
if (pdu->trap_type == SNMP_TRAP_ENTERPRISESPECIFIC) {
trapOidLen = pdu->enterprise_length;
+ /*
+ * Drop packets that would trigger an out-of-bounds trapOid[]
+ * access.
+ */
+ if (trapOidLen < 1 || trapOidLen > OID_LENGTH(trapOid) - 2)
+ return 1;
memcpy(trapOid, pdu->enterprise, sizeof(oid) * trapOidLen);
if (trapOid[trapOidLen - 1] != 0) {
trapOid[trapOidLen++] = 0;
meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb
+1
View File
@@ -28,6 +28,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \
file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \
file://CVE-2022-44792-CVE-2022-44793.patch \
file://0001-unload_all_mibs-fix-memory-leak-by-freeing-tclist.patch \
file://CVE-2025-68615.patch \
"
SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a"