Bug#1123861: marked as done (snmptrapd: CVE-2025-68615 snmptrapd buffer overflow and daemon crash)

Debian Bug Tracking System Sat, 27 Dec 2025 11:03:48 -0800

Your message dated Sat, 27 Dec 2025 19:01:01 +0000
with message-id <[email protected]>
and subject line Bug#1123861: fixed in net-snmp 5.9.5.2+dfsg-1
has caused the Debian Bug report #1123861,
regarding snmptrapd: CVE-2025-68615 snmptrapd buffer overflow and daemon crash
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1123861: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123861
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: snmptrapd
Version: 5.9.4+dfsg-2
Severity: critical
Tags: security upstream
Justification: causes serious data loss
X-Debbugs-Cc: Debian Security Team <[email protected]>

In snmptrapd versions below 5.9.5 a specially crafted packet can cause
the daemon to have a buffer overflow and the daemon to crash.

Haven't yet isolated the specific patch for backporting yet.

On Debian systems with the default setup, snmptrapd runs as user
Debian-snmp however it is possible to run as root.

CVE-2025-68615 has a CVSS score of 9.8 and doesn't need authentication.

References:
 https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq
 https://nvd.nist.gov/vuln/detail/CVE-2025-68615



-- System Information:
Debian Release: 13.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.57+deb13-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages snmptrapd depends on:
ii  init-system-helpers   1.69~deb13u1
ii  libc6                 2.41-12
ii  libnetsnmptrapd40t64  5.9.4+dfsg-2
ii  libsnmp40t64          5.9.4+dfsg-2
ii  libwrap0              7.6.q-36
ii  snmpd                 5.9.4+dfsg-2

Versions of packages snmptrapd recommends:
ii  perl  5.40.1-6

snmptrapd suggests no packages.

-- Configuration Files:
/etc/snmp/snmptrapd.conf changed [not included]

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: net-snmp
Source-Version: 5.9.5.2+dfsg-1
Done: Craig Small <[email protected]>

We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated net-snmp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 24 Dec 2025 17:25:02 +1100
Source: net-snmp
Binary: libnetsnmptrapd45 libnetsnmptrapd45-dbgsym libsnmp-base libsnmp-dev 
libsnmp-perl libsnmp-perl-dbgsym libsnmp45 libsnmp45-dbgsym snmp snmp-dbgsym 
snmpd snmpd-dbgsym snmptrapd snmptrapd-dbgsym tkmib
Architecture: source amd64 all
Version: 5.9.5.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Description:
 libnetsnmptrapd45 - SNMP (Simple Network Management Protocol) trap library
 libsnmp-base - SNMP configuration script, MIBs and documentation
 libsnmp-dev - SNMP (Simple Network Management Protocol) development files
 libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
 libsnmp45  - SNMP (Simple Network Management Protocol) library
 snmp       - SNMP (Simple Network Management Protocol) applications
 snmpd      - SNMP (Simple Network Management Protocol) agents
 snmptrapd  - Net-SNMP notification receiver
 tkmib      - SNMP (Simple Network Management Protocol) MIB browser
Closes: 1123861
Changes:
 net-snmp (5.9.5.2+dfsg-1) unstable; urgency=medium
 .
   * New upstream release
     - Fixed a critical vulnerability in snmptrapd triggered by a specially
       crafted trap CVE-2025-68615 Closes: #1123861
   * Remove patches linux_systemstats as upstream applied
   * Library, soname 40 -> 45
   * Updated example snmpd.conf
Checksums-Sha1:
 c7e1a3323fd70f6af3e4c0ead7249b69c2779cac 2565 net-snmp_5.9.5.2+dfsg-1.dsc
 932adfa8ad73e574704e420eb0967ae7bef3f174 3671280 
net-snmp_5.9.5.2+dfsg.orig.tar.xz
 fef9f271d9b83cdb3ed8d415a923eeccb1a10363 70364 
net-snmp_5.9.5.2+dfsg-1.debian.tar.xz
 db2e233c2ef050aebe713dfc4710c89a64b98978 61672 
libnetsnmptrapd45-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 f6a5f62cab7243665bc701c20db92892f1c90fce 23376 
libnetsnmptrapd45_5.9.5.2+dfsg-1_amd64.deb
 9a192a70b0d85a94b3d1556748eeb81882d3f95d 1808004 
libsnmp-base_5.9.5.2+dfsg-1_all.deb
 11845d6c6768c431dc82018bddaf164cfb591401 201652 
libsnmp-dev_5.9.5.2+dfsg-1_amd64.deb
 d6276a856aeec218da4f4d3d5c02a829002b8855 256904 
libsnmp-perl-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 b950ea98ba2ff70756137eb2f72feca91c7ab342 1785564 
libsnmp-perl_5.9.5.2+dfsg-1_amd64.deb
 77a25f03753f9c1e7f32c6c19ec6fd9e23a41851 2181524 
libsnmp45-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 004f115bf80ad927a3e8aefd056143ba344e4ceb 2635296 
libsnmp45_5.9.5.2+dfsg-1_amd64.deb
 77cd8858b29d98b14602ecf2b0c2a5eb5d0118bc 10767 
net-snmp_5.9.5.2+dfsg-1_amd64.buildinfo
 805d0af21b631646eef1d36f47caa5da108b6fec 285948 
snmp-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 1ee61bcb06c5a1a869d092a2230b438907a8a553 179232 snmp_5.9.5.2+dfsg-1_amd64.deb
 8678950f4bfd5500f83dc2777fb69b0ae068bbcd 21084 
snmpd-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 b381dab5f23c05cc85d13ca1398151d76a3d12f1 59276 snmpd_5.9.5.2+dfsg-1_amd64.deb
 d71873292582477436eae041dc4d342d12a4bcbc 24492 
snmptrapd-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 a2e2821cd2fe459f924c9312b8f1b0fd1f10feca 24756 
snmptrapd_5.9.5.2+dfsg-1_amd64.deb
 f659a31b1b21f049e9c5c4bbd46570b70a1b2f1c 1707224 tkmib_5.9.5.2+dfsg-1_all.deb
Checksums-Sha256:
 741161cfd7329f8fa1b8c736b4c83369c327086ff6ce0e3e7910b53f1e7335cd 2565 
net-snmp_5.9.5.2+dfsg-1.dsc
 ca1d12ac950eb64ba3b7a5f3ef193e5c16118652551f2b963be987490691ebed 3671280 
net-snmp_5.9.5.2+dfsg.orig.tar.xz
 c063700c20dce355ac40fac3d26684fc22154556da2ec2946703cd12f79937bd 70364 
net-snmp_5.9.5.2+dfsg-1.debian.tar.xz
 2c19e573bcc02e6fdc0f73e344c691d843f733564f539f4659ede458b3340c91 61672 
libnetsnmptrapd45-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 523ea40ee5b11cdc2108506a9ffd6b1d1225266e79342fc6e7246f6040d0a208 23376 
libnetsnmptrapd45_5.9.5.2+dfsg-1_amd64.deb
 28f20dbaec404ba3f13a5bbd3340fd7c4e71602ca713bb8ff1871ea8c76f9ee7 1808004 
libsnmp-base_5.9.5.2+dfsg-1_all.deb
 fbcdb3bb574c086eea604994635cb9cd09b70b1e1cd853e167d6697452fd033f 201652 
libsnmp-dev_5.9.5.2+dfsg-1_amd64.deb
 d4bb193cd5b4e4d824fc313c4033bcdb74d1eca6d3cf6692589434bd927047fb 256904 
libsnmp-perl-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 571d2dfbf1207f8fe0dbf873ee8644455afdff8853e89f5ca04ed3eff383f9df 1785564 
libsnmp-perl_5.9.5.2+dfsg-1_amd64.deb
 d147c808eac2ea19f41b577296707bea380abff786b3a5147e9fc05276fd55a8 2181524 
libsnmp45-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 b6786b6424bc37be18feef75d27d3a3e0a40814d74f328e1ccd265f49c36447c 2635296 
libsnmp45_5.9.5.2+dfsg-1_amd64.deb
 58188a75f4ab7e6c85910091d575f15252fd889d8925caeece00dcc6294da970 10767 
net-snmp_5.9.5.2+dfsg-1_amd64.buildinfo
 16640e231803d4f1e40acb5a1b92b736f7be5a5271e458710cb7dde1be895070 285948 
snmp-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 ae6ea44fd50ea9ab1f13e9cd1206b06ef0052edd053c6c96ae006f1d78c550b8 179232 
snmp_5.9.5.2+dfsg-1_amd64.deb
 43922bdf56a41676314b51c04b0efdde7ab640afd0eac0ad30888411319eb52d 21084 
snmpd-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 e680dd951ea91a599120913a389e32bc0f1bb5998f8763a85235da53182babe0 59276 
snmpd_5.9.5.2+dfsg-1_amd64.deb
 1a7acba5e2783e3f487dcbe9c903a71bb7fe11495ff5492c669112fa4a6ee446 24492 
snmptrapd-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 4e796be7f31af91bd7d34df8ed5282418bccbdfaa42fd753b864465dcfb0fa85 24756 
snmptrapd_5.9.5.2+dfsg-1_amd64.deb
 9cfc42b708f0391222a9b0720d40c6b322391282941626b7e0456c47b2f99ca6 1707224 
tkmib_5.9.5.2+dfsg-1_all.deb
Files:
 8f477818b71d3bcba40d227a6508f8e6 2565 net optional net-snmp_5.9.5.2+dfsg-1.dsc
 f61d57a2904fa759489b0cfe36aee649 3671280 net optional 
net-snmp_5.9.5.2+dfsg.orig.tar.xz
 5613d1d79be12c3fa21c40e2637916c9 70364 net optional 
net-snmp_5.9.5.2+dfsg-1.debian.tar.xz
 ee42d83a4bc2cb8daac357f702a088d7 61672 debug optional 
libnetsnmptrapd45-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 04f5f365e166565636f2691df1c45d47 23376 libs optional 
libnetsnmptrapd45_5.9.5.2+dfsg-1_amd64.deb
 ce879101d810bb70afc47f403ed700a2 1808004 libs optional 
libsnmp-base_5.9.5.2+dfsg-1_all.deb
 44f479d9be542ef68f194d93db51c4bc 201652 libdevel optional 
libsnmp-dev_5.9.5.2+dfsg-1_amd64.deb
 b095938367153fa45955caeb7bcab95e 256904 debug optional 
libsnmp-perl-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 1d2cc5c73f5ad9e39baccd4c1508e20c 1785564 perl optional 
libsnmp-perl_5.9.5.2+dfsg-1_amd64.deb
 0ab3eba46bad191a636e5d533fe34460 2181524 debug optional 
libsnmp45-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 c5ccfe9750a056d793fdc05f645bc7b8 2635296 libs optional 
libsnmp45_5.9.5.2+dfsg-1_amd64.deb
 d03760a162b97e901ad3800995c3586e 10767 net optional 
net-snmp_5.9.5.2+dfsg-1_amd64.buildinfo
 41a7286e0e2a6148a6bc44b75288c876 285948 debug optional 
snmp-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 337db35d5fca98103e929b4697252022 179232 net optional 
snmp_5.9.5.2+dfsg-1_amd64.deb
 20ba5a49d991978182a537a4f7a11963 21084 debug optional 
snmpd-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 362d65f0ed4c8a826b1f0243b0f1489f 59276 net optional 
snmpd_5.9.5.2+dfsg-1_amd64.deb
 b8f457a66bd93d60a22bd95fb6d42322 24492 debug optional 
snmptrapd-dbgsym_5.9.5.2+dfsg-1_amd64.deb
 115135298f5c8ffc6e87784d6d8069fb 24756 net optional 
snmptrapd_5.9.5.2+dfsg-1_amd64.deb
 d13de428087865e8ebb3b0aff9e400ea 1707224 net optional 
tkmib_5.9.5.2+dfsg-1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAmlLsV0ACgkQAiFmwP88
hOOyyQ//cbMdvvJVrGFFoexASEo6NP4BxAeyerP39/1IN+RE8iKQ7S9ShlAu4Jad
E38F6efFxbHggwDZJw/wX8h/5fjyxTYFsgoQtQ3DjzkdBkgDKM8G0WlMSmCTuUI6
5AUBaWkzp1uU9jAmlVBINPFnWOLcb8aauVvBtB+XC0Fpna3j7sIpb1AuL3kkCX5S
Ngnerho3fE03ZUIfSA/gpxiEQklnSk27gGXLR4ir6FhKvmhJRMkf00HcPs1C0Aa5
fNfPfYMewkboJ/Y5Ha5urun3AfMbbHdkuKpuCFLKD5FsKKOsaOQCqcxpWrsTvUj3
SUsgu2DKQOyvle/vIUOnpmFpXPFejzYKnIfyElwW7Hm9evXCC63NeWuAqud8IQaO
pPCx65MVUDWlSqLK2CAAG1yuh7R4+uXgQ+V3nPdQUZGG3o0trWfBsclPdSKiHDFq
4gAR3olK+qXV/tLZzBFHwtbfNYZ0D4aELogGxUmbrrIuCaS3s8OSzLcPnX5k25Ei
U3nDgIIIderpOFNEHMA8uQeJLBlVd5btazTpbvHXIbnQp5QxUxy/7UaS1nLAgaXG
k1dhrx5h/tIgpabBSTN4W/hkAnp+8JENjH0iVfkNmQe7WliHaKrbPIwTS8Cm5Qbi
DeQyQi4vm7n4zA3kVA8cGUkJ30lG3OUU9UEah5NaEfZPKKvSoNY=
=o8n+
-----END PGP SIGNATURE-----

pgpyp6yOJtsk5.pgp
Description: PGP signature

--- End Message ---

Bug#1123861: marked as done (snmptrapd: CVE-2025-68615 snmptrapd buffer overflow and daemon crash)

Reply via email to