vulnerability
SUSE: CVE-2017-7401: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Apr 3, 2017 | Feb 4, 2022 | Feb 4, 2022 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Apr 3, 2017
Added
Feb 4, 2022
Modified
Feb 4, 2022
Description
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.
Solutions
suse-upgrade-collectdsuse-upgrade-collectd-plugin-connectivitysuse-upgrade-collectd-plugin-dbisuse-upgrade-collectd-plugin-ipmisuse-upgrade-collectd-plugin-javasuse-upgrade-collectd-plugin-luasuse-upgrade-collectd-plugin-mcelogsuse-upgrade-collectd-plugin-memcachecsuse-upgrade-collectd-plugin-mysqlsuse-upgrade-collectd-plugin-notify-desktopsuse-upgrade-collectd-plugin-nutsuse-upgrade-collectd-plugin-openldapsuse-upgrade-collectd-plugin-ovssuse-upgrade-collectd-plugin-pciesuse-upgrade-collectd-plugin-pinbasuse-upgrade-collectd-plugin-postgresqlsuse-upgrade-collectd-plugin-proceventsuse-upgrade-collectd-plugin-python3suse-upgrade-collectd-plugin-smartsuse-upgrade-collectd-plugin-snmpsuse-upgrade-collectd-plugin-synproxysuse-upgrade-collectd-plugin-syseventsuse-upgrade-collectd-plugin-uptimesuse-upgrade-collectd-plugin-virtsuse-upgrade-collectd-plugin-write_stackdriversuse-upgrade-collectd-plugin-write_syslogsuse-upgrade-collectd-plugins-allsuse-upgrade-collectd-spamassassinsuse-upgrade-collectd-websuse-upgrade-collectd-web-jssuse-upgrade-libcollectdclient-develsuse-upgrade-libcollectdclient1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.