Dear Net-SNMP Developers,

I hope this email finds you well.

I am writing to inquire about the proper procedure for reporting a potential security vulnerability I have discovered in Net-SNMP. While analyzing the Net-SNMP source code, I have identified what appears to be a buffer overflow vulnerability in the network statistics functionality. To follow responsible disclosure practices, I would like to report this issue privately to the project maintainers before any public disclosure.

Could you please advise on the preferred method for submitting detailed vulnerability reports? Specifically, I would like to know:

1. Is there a dedicated security contact email or private reporting channel?
2. What information should be included in the vulnerability report?
3. What is the typical timeline for security issue resolution?

I can provide:

- Detailed technical analysis of the vulnerability
- Affected code locations and line numbers
- Potential impact assessment
- Suggested fix/patch recommendations
- Proof-of-concept code (if needed)

I understand the importance of responsible disclosure and am committed to working with the project team to address this issue appropriately.

Thank you for your time and guidance. I look forward to your response.

Best regards,
JustCoding247
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders