| Package | net-snmp |
|---|---|
| Version | 5.7.3+dfsg-1.7+deb9u6 (stretch), 5.7.3+dfsg-5+deb10u5 (buster) |
| Related CVEs | CVE-2025-68615 |

net-snmp is an SNMP application library, tools and daemon.

A specially crafted packet sent to a net-snmp snmptrapd daemon can cause a buffer overflow and crash the daemon.

(SNMP ports should never be open to public networks. There is no mitigation available other than ensuring that ports to snmptrapd are appropriately firewalled, or upgrading.)

For Debian 10 buster, these problems have been fixed in version 5.7.3+dfsg-5+deb10u5.
For Debian 9 stretch, these problems have been fixed in version 5.7.3+dfsg-1.7+deb9u6.
We recommend that you upgrade your net-snmp packages.
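
To check a host against the fixed versions above, the following script (an added example, not part of the advisory) compares every installed package built from the net-snmp source using `dpkg --compare-versions`, then lists anything bound to UDP 162, snmptrapd's default port. The function names, output strings and the `--audit` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the advisory. Fixed versions are copied from the
# advisory; function names and output strings are assumptions of this sketch.

# Print the fixed net-snmp version for a release (codename or VERSION_ID).
fixed_version() {
    case "$1" in
        9|stretch) echo '5.7.3+dfsg-1.7+deb9u6' ;;
        10|buster) echo '5.7.3+dfsg-5+deb10u5' ;;
        *) return 1 ;;
    esac
}

# classify RELEASE VERSION -> fixed | vulnerable | unknown-release | error
classify() {
    fixed=$(fixed_version "$1") || { echo unknown-release; return 0; }
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo fixed
    elif dpkg --compare-versions "$2" lt "$fixed"; then
        echo vulnerable
    else
        echo error   # dpkg missing or the comparison itself failed
    fi
}

# Report every installed binary package built from the net-snmp source,
# then show whether anything is bound to snmptrapd's default port, UDP 162.
audit_host() {
    rel=$(. /etc/os-release && echo "$VERSION_ID")
    dpkg-query -W -f='${source:Package} ${Package} ${Version} ${db:Status-Abbrev}\n' |
    while read -r src pkg ver status; do
        [ "$src" = net-snmp ] || continue
        case "$status" in ii*) ;; *) continue ;; esac   # installed packages only
        echo "$pkg $ver: $(classify "$rel" "$ver")"
    done
    ss -lun 2>/dev/null | grep -E ':162[[:space:]]' ||
        echo 'no UDP listener on port 162'
}

# Run the host audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = --audit ]; then audit_host; fi
```
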
Further information about Extended LTS security advisories can be found in the dedicated section of our website.