Vulnerability-Lookup

RHSA-2018:2615

Vulnerability from csaf_redhat - Published: 2018-09-04 13:17 - Updated: 2025-11-21 18:06

Summary

Red Hat Security Advisory: collectd security update

Notes

Topic

An update for collectd is now available for Red Hat Gluster Storage 3.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

collectd is a host-based system statistics collection daemon that gathers metrics from various sources periodically, such as the operating system, applications, log files and devices, and storage clusters. As the daemon does not start up each time it updates files, it has a low system footprint. For Red Hat Gluster Storage Web Administration 3.4, collectd service is responsible for gathering metrics from Red Hat Gluster Storage clusters. The updated collectd package includes the following security bug fixes. Security Fix(es): * collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions (CVE-2017-7401) * collectd: double free in csnmp_read_table function in snmp.c (CVE-2017-16820) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This updated package contains a number of bug fixes and enhancements, which are documented in detail in the Release Notes, linked in the References. All users of collectd are advised to upgrade to these updated packages, which resolve these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for collectd is now available for Red Hat Gluster Storage 3.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "collectd is a host-based system statistics collection daemon that gathers metrics from various sources periodically, such as the operating system, applications, log files and devices, and storage clusters. As the daemon does not start up each time it updates files, it has a low system footprint.\n\nFor Red Hat Gluster Storage Web Administration 3.4, collectd service is responsible for gathering metrics from Red Hat Gluster Storage clusters. \n\nThe updated collectd package includes the following security bug fixes.\n\nSecurity Fix(es):\n\n* collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions (CVE-2017-7401)\n\n* collectd: double free in csnmp_read_table function in snmp.c (CVE-2017-16820)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis updated package contains a number of bug fixes and enhancements, which are documented in detail in the Release Notes, linked in the References.\n\nAll users of collectd are advised to upgrade to these updated packages, which resolve these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:2615",
        "url": "https://access.redhat.com/errata/RHSA-2018:2615"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/3.4/html/3.4_release_notes/",
        "url": "https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/3.4/html/3.4_release_notes/"
      },
      {
        "category": "external",
        "summary": "1439674",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439674"
      },
      {
        "category": "external",
        "summary": "1516447",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516447"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2615.json"
      }
    ],
    "title": "Red Hat Security Advisory: collectd security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:06:00+00:00",
      "generator": {
        "date": "2025-11-21T18:06:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2018:2615",
      "initial_release_date": "2018-09-04T13:17:12+00:00",
      "revision_history": [
        {
          "date": "2018-09-04T13:17:12+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-09-04T13:17:12+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:06:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
                "product": {
                  "name": "Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
                  "product_id": "7Server-RH-Gluster-3.4-NodeAgent",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:storage:3.4:na:el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Gluster 3.4 Web Administration on RHEL-7",
                "product": {
                  "name": "Red Hat Gluster 3.4 Web Administration on RHEL-7",
                  "product_id": "7Server-RH-Gluster-3.4-WebAdministration",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:storage:3.4:wa:el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Gluster Storage"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "collectd-0:5.7.2-3.1.el7rhgs.x86_64",
                "product": {
                  "name": "collectd-0:5.7.2-3.1.el7rhgs.x86_64",
                  "product_id": "collectd-0:5.7.2-3.1.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/collectd@5.7.2-3.1.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
                "product": {
                  "name": "collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
                  "product_id": "collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/collectd-debuginfo@5.7.2-3.1.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
                "product": {
                  "name": "collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
                  "product_id": "collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/collectd-ping@5.7.2-3.1.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64",
                "product": {
                  "name": "libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64",
                  "product_id": "libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libcollectdclient@5.7.2-3.1.el7rhgs?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "collectd-0:5.7.2-3.1.el7rhgs.src",
                "product": {
                  "name": "collectd-0:5.7.2-3.1.el7rhgs.src",
                  "product_id": "collectd-0:5.7.2-3.1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/collectd@5.7.2-3.1.el7rhgs?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "collectd-0:5.7.2-3.1.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.src"
        },
        "product_reference": "collectd-0:5.7.2-3.1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "collectd-0:5.7.2-3.1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.x86_64"
        },
        "product_reference": "collectd-0:5.7.2-3.1.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-NodeAgent:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64"
        },
        "product_reference": "collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-NodeAgent:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64"
        },
        "product_reference": "collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-NodeAgent:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64"
        },
        "product_reference": "libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "collectd-0:5.7.2-3.1.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.src"
        },
        "product_reference": "collectd-0:5.7.2-3.1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "collectd-0:5.7.2-3.1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.x86_64"
        },
        "product_reference": "collectd-0:5.7.2-3.1.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-WebAdministration:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64"
        },
        "product_reference": "collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-WebAdministration:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64"
        },
        "product_reference": "collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-WebAdministration:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64"
        },
        "product_reference": "libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-7401",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2017-04-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1439674"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with \"SecurityLevel None\" and empty \"AuthFile\" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.src",
          "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-NodeAgent:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-NodeAgent:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-NodeAgent:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.src",
          "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-WebAdministration:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-WebAdministration:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-WebAdministration:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-7401"
        },
        {
          "category": "external",
          "summary": "RHBZ#1439674",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439674"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7401",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-7401"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7401",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7401"
        }
      ],
      "release_date": "2017-02-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-09-04T13:17:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.src",
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-NodeAgent:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.src",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2615"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.src",
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-NodeAgent:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.src",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions"
    },
    {
      "cve": "CVE-2017-16820",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2017-11-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1516447"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A double-free vulnerability was found in the csnmp_read_table function in the SNMP plugin of collectd. A network-based attacker could exploit this by sending malformed data, causing collectd to crash or possibly other impact.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "collectd: double free in csnmp_read_table function in snmp.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.src",
          "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-NodeAgent:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-NodeAgent:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-NodeAgent:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.src",
          "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-WebAdministration:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-WebAdministration:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-WebAdministration:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-16820"
        },
        {
          "category": "external",
          "summary": "RHBZ#1516447",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516447"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-16820",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-16820"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16820",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16820"
        }
      ],
      "release_date": "2017-11-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-09-04T13:17:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.src",
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-NodeAgent:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.src",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2615"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.src",
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-NodeAgent:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-NodeAgent:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.src",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-debuginfo-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:collectd-ping-0:5.7.2-3.1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-WebAdministration:libcollectdclient-0:5.7.2-3.1.el7rhgs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "collectd: double free in csnmp_read_table function in snmp.c"
    }
  ]
}

CVE-2017-16820 (GCVE-0-2017-16820)

Vulnerability from cvelistv5 – Published: 2017-11-14 21:00 – Updated: 2024-08-05 20:35

Summary

The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:0252	vendor-advisoryx_refsource_REDHAT
	https://security.gentoo.org/glsa/201803-10	vendor-advisoryx_refsource_GENTOO
	https://bugs.debian.org/881757	x_refsource_CONFIRM
	https://github.com/collectd/collectd/issues/2291	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:0560	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1605	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2615	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:0299	vendor-advisoryx_refsource_REDHAT
	https://github.com/collectd/collectd/releases/tag…	x_refsource_CONFIRM
	https://github.com/collectd/collectd/commit/d16c2…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:21.026Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0252",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0252"
          },
          {
            "name": "GLSA-201803-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201803-10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/881757"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/collectd/collectd/issues/2291"
          },
          {
            "name": "RHSA-2018:0560",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0560"
          },
          {
            "name": "RHSA-2018:1605",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1605"
          },
          {
            "name": "RHSA-2018:2615",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2615"
          },
          {
            "name": "RHSA-2018:0299",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0299"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/collectd/collectd/releases/tag/collectd-5.6.3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-04T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:0252",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0252"
        },
        {
          "name": "GLSA-201803-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201803-10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/881757"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/collectd/collectd/issues/2291"
        },
        {
          "name": "RHSA-2018:0560",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0560"
        },
        {
          "name": "RHSA-2018:1605",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1605"
        },
        {
          "name": "RHSA-2018:2615",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2615"
        },
        {
          "name": "RHSA-2018:0299",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0299"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/collectd/collectd/releases/tag/collectd-5.6.3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16820",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0252",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0252"
            },
            {
              "name": "GLSA-201803-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201803-10"
            },
            {
              "name": "https://bugs.debian.org/881757",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/881757"
            },
            {
              "name": "https://github.com/collectd/collectd/issues/2291",
              "refsource": "CONFIRM",
              "url": "https://github.com/collectd/collectd/issues/2291"
            },
            {
              "name": "RHSA-2018:0560",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0560"
            },
            {
              "name": "RHSA-2018:1605",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1605"
            },
            {
              "name": "RHSA-2018:2615",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2615"
            },
            {
              "name": "RHSA-2018:0299",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0299"
            },
            {
              "name": "https://github.com/collectd/collectd/releases/tag/collectd-5.6.3",
              "refsource": "CONFIRM",
              "url": "https://github.com/collectd/collectd/releases/tag/collectd-5.6.3"
            },
            {
              "name": "https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47",
              "refsource": "CONFIRM",
              "url": "https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16820",
    "datePublished": "2017-11-14T21:00:00",
    "dateReserved": "2017-11-14T00:00:00",
    "dateUpdated": "2024-08-05T20:35:21.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-7401 (GCVE-0-2017-7401)

Vulnerability from cvelistv5 – Published: 2017-04-03 14:00 – Updated: 2024-08-05 16:04

Summary

Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2018:2615

CVE-2017-16820 (GCVE-0-2017-16820)

CVE-2017-7401 (GCVE-0-2017-7401)

Tags

Sightings

Nomenclature