On Tue, Oct 17, 2023 at 02:49:05PM +0200, Martijn van Duren wrote: > > Currently ax.c doesn't check the maximum length of an OID ax_pdutooid. > > This can lead to a buffer overflow. Even though it must be fixed, I > > don't think there's a big risk here, since an attacker would need to have > > access to the agentx socket, which by default is disabled and defaults > > to root:_agentx when enabled. > > Here's the libagentx counterpart.
ok for both
