Package: snmptrapd
Version: 5.9.4+dfsg-2
Severity: critical
Tags: security upstream
Justification: causes serious data loss
X-Debbugs-Cc: Debian Security Team <[email protected]>

In snmptrapd versions below 5.9.5 a specially crafted packet can cause a buffer overflow in the daemon and make it crash. Haven't isolated the specific patch for backporting yet. On Debian systems with the default setup, snmptrapd runs as user Debian-snmp; however, it is possible to run it as root. CVE-2025-68615 has a CVSS score of 9.8 and doesn't need authentication.

References:
https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq
https://nvd.nist.gov/vuln/detail/CVE-2025-68615

-- System Information:
Debian Release: 13.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.57+deb13-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages snmptrapd depends on:
ii  init-system-helpers  1.69~deb13u1
ii  libc6                2.41-12
ii  libnetsnmptrapd40t64 5.9.4+dfsg-2
ii  libsnmp40t64         5.9.4+dfsg-2
ii  libwrap0             7.6.q-36
ii  snmpd                5.9.4+dfsg-2

Versions of packages snmptrapd recommends:
ii  perl  5.40.1-6

snmptrapd suggests no packages.

-- Configuration Files:
/etc/snmp/snmptrapd.conf changed [not included]

-- no debconf information
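A defender-side triage check, added here and not part of the bug report: given a Debian package version string like the one in the Version field, it extracts the upstream version, compares it against the 5.9.5 fix named in the report, and on a live host tests whether an snmptrapd process runs as root. Debian frequently backports a fix without raising the upstream version, so a result of "below 5.9.5" is a prompt to consult the security tracker, not proof of exposure.

```shell
#!/bin/sh
# Added example (not from the bug report). Triage helper for CVE-2025-68615:
# is the installed snmptrapd older than the upstream fix, and does it run as root?

FIXED_UPSTREAM="5.9.5"   # first upstream release with the fix, per the report

# upstream_of "1:5.9.4+dfsg-2" -> "5.9.4"
# Drops the Debian revision (after the last '-'), any +dfsg/+really suffix,
# and an epoch prefix, leaving the dotted upstream version.
upstream_of() {
    v="${1%-*}"
    v="${v%%+*}"
    v="${v#*:}"
    printf '%s\n' "$v"
}

# version_lt A B -> returns 0 when dotted numeric version A < B.
# Compares component by component; a missing component counts as 0.
# Only numeric components are handled (5.9.4, 5.10.0), not rc/beta tags.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac="${a%%.*}"; bc="${b%%.*}"
        if [ "$a" = "$ac" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$bc" ]; then b=""; else b="${b#*.}"; fi
        ac="${ac:-0}"; bc="${bc:-0}"
        [ "$ac" -lt "$bc" ] && return 0
        [ "$ac" -gt "$bc" ] && return 1
    done
    return 1
}

# snmptrapd_vulnerable DEBIAN_VERSION -> 0 if upstream part predates the fix.
# Caveat: a backported fix (e.g. a +deb13u1 revision) keeps the old upstream
# version, so treat 0 as "verify against the Debian security tracker".
snmptrapd_vulnerable() {
    version_lt "$(upstream_of "$1")" "$FIXED_UPSTREAM"
}

# snmptrapd_runs_as_root -> 0 if a process named snmptrapd has euid root.
# Uses pgrep from procps; the report notes running as root is possible.
snmptrapd_runs_as_root() {
    pgrep -u root -x snmptrapd >/dev/null 2>&1
}

# Usage: ./check.sh "$(dpkg-query -W -f='${Version}' snmptrapd)"
if [ "$#" -gt 0 ]; then
    if snmptrapd_vulnerable "$1"; then echo "$1: upstream below $FIXED_UPSTREAM, check for a backported fix"; else echo "$1: at or above $FIXED_UPSTREAM"; fi
    if snmptrapd_runs_as_root; then echo "snmptrapd is running as root"; fi
fi
```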

