ASA-2019-00509 – FreeBSD: Insufficient message length validation in bsnmp library


Allele Security Alert

ASA-2019-00509

Identifier(s)

ASA-2019-00509, CVE-2019-5610, FreeBSD-SA-19:20.bsnmp

Title

Insufficient message length validation in bsnmp library

Vendor(s)

The FreeBSD Project

Product(s)

FreeBSD

Affected version(s)

All supported versions of FreeBSD

Fixed version(s)

2019-08-06 16:11:16 UTC (stable/12, 12.0-STABLE)
2019-08-06 17:12:17 UTC (releng/12.0, 12.0-RELEASE-p9)
2019-08-06 16:12:43 UTC (stable/11, 11.3-STABLE)
2019-08-06 17:12:17 UTC (releng/11.3, 11.3-RELEASE-p2)
2019-08-06 17:12:17 UTC (releng/11.2, 11.2-RELEASE-p13)

Proof of concept

Unknown

Description

A function extracting the length from type-length-value encoding is not properly validating the submitted length.

A remote user could cause, for example, an out-of-bounds read, decoding of unrelated data, or trigger a crash of the software such as bsnmpd resulting in a denial of service.

Technical details

Unknown

Credits

Guido Vranken

Reference(s)

FreeBSD-SA-19:20.bsnmp.asc
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:20.bsnmp.asc

bsnmp.patch
https://security.FreeBSD.org/patches/SA-19:20/bsnmp.patch

bsnmp.patch.asc
https://security.FreeBSD.org/patches/SA-19:20/bsnmp.patch.asc

[base] Revision 350637
https://svnweb.freebsd.org/base?view=revision&revision=r350637

[base] Revision 350646
https://svnweb.freebsd.org/base?view=revision&revision=r350646

[base] Revision 350638
https://svnweb.freebsd.org/base?view=revision&revision=r350638

CVE-2019-5610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5610

CVE-2019-5610
https://nvd.nist.gov/vuln/detail/CVE-2019-5610

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: August 12, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.