Upstream-Status: Backport from https://github.com/net-snmp/net-snmp/commit/b4e6f826d9ddcc2d72eac432746807e1234266db
Reference: https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq Signed-off-by: Vijay Anusuri <[email protected]> --- .../net-snmp/net-snmp/CVE-2025-68615.patch | 33 +++++++++++++++++++ .../net-snmp/net-snmp_5.9.4.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2025-68615.patch diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2025-68615.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2025-68615.patch new file mode 100644 index 0000000000..1e6c65f0e5 --- /dev/null +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2025-68615.patch @@ -0,0 +1,33 @@ +From b4e6f826d9ddcc2d72eac432746807e1234266db Mon Sep 17 00:00:00 2001 +From: Bart Van Assche <[email protected]> +Date: Sun, 2 Nov 2025 14:48:55 -0800 +Subject: [PATCH] snmptrapd: Fix out-of-bounds trapOid[] accesses + +Fixes: https://issues.oss-fuzz.com/issues/457106694 +Fixes: https://issues.oss-fuzz.com/issues/458668421 +Fixes: https://issues.oss-fuzz.com/issues/458876071 + +Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/b4e6f826d9ddcc2d72eac432746807e1234266db] +CVE: CVE-2025-68615 +Signed-off-by: Vijay Anusuri <[email protected]> +--- + apps/snmptrapd_handlers.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/apps/snmptrapd_handlers.c b/apps/snmptrapd_handlers.c +index 6cd126f266..afd93ed0fb 100644 +--- a/apps/snmptrapd_handlers.c ++++ b/apps/snmptrapd_handlers.c +@@ -1112,6 +1112,12 @@ snmp_input(int op, netsnmp_session *session, + */ + if (pdu->trap_type == SNMP_TRAP_ENTERPRISESPECIFIC) { + trapOidLen = pdu->enterprise_length; ++ /* ++ * Drop packets that would trigger an out-of-bounds trapOid[] ++ * access. ++ */ ++ if (trapOidLen < 1 || trapOidLen > OID_LENGTH(trapOid) - 2) ++ return 1; + memcpy(trapOid, pdu->enterprise, sizeof(oid) * trapOidLen); + if (trapOid[trapOidLen - 1] != 0) { + trapOid[trapOidLen++] = 0; diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb index 95e900b88e..d45cee86f5 100644 --- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb @@ -30,6 +30,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \ file://0001-Android-Fix-the-build.patch \ file://netsnmp-swinst-crash.patch \ file://net-snmp-5.9.4-kernel-6.7.patch \ + file://CVE-2025-68615.patch \ " SRC_URI[sha256sum] = "8b4de01391e74e3c7014beb43961a2d6d6fa03acc34280b9585f4930745b0544" -- 2.43.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123247): https://lists.openembedded.org/g/openembedded-devel/message/123247 Mute This Topic: https://lists.openembedded.org/mt/117149083/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
