HighPublic exploit

net-snmp snmp_pdu_parse varBind cleanup flaw

IdentifiersCVE-2015-5621CWE-772

CVE-2015-5621 affects net-snmp 5.7.2 and earlier. The vulnerability is in the snmp_pdu_parse function in snmp_api.c. When parsing of an SNMP PDU fails, the function does not properly remove or clean up the varBind variable in a netsnmp_variable_list item. This improper state handling can be triggered by a crafted SNMP packet sent to a vulnerable service using the affected net-snmp component. The resulting memory corruption or invalid memory state can lead to process termination and, according to the provided description, may also permit arbitrary code execution.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

A remote attacker can send a crafted SNMP packet that causes SNMP PDU parsing to fail and leaves varBind state improperly handled, resulting in a denial-of-service condition through process crash. The provided source also indicates possible arbitrary code execution, so impact may extend beyond availability loss to compromise of the affected process depending on exploitability in the target environment.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, disable SNMP service on affected devices or otherwise prevent exposure of the vulnerable SNMP functionality to untrusted networks. Restrict SNMP access with network segmentation, ACLs, and firewall rules so only trusted management hosts can reach the service.

Remediation

Patch, then assume compromise.

Upgrade net-snmp to a version newer than 5.7.2 that fixes CVE-2015-5621. In the Silex context provided, apply the vendor-recommended product updates: SD-330AC firmware 1.50 or later and AMC Manager 5.1.0 or later, which address dependency exposure to the vulnerable third-party component.

PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 1 candidate as fakes, detection scripts, or README-only repos.

VALID 0 / 1 TOTALView more in app

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Net-SnmpNet-Snmpapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

the hacker newsNews

Apr 21, 2026

22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters

A denial-of-service vulnerability referenced as part of the BRIDGE:BREAK findings affecting the discussed serial-to-IP converter products.

jvn japanNews

Apr 20, 2026

JVNVU#94271449: Multiple vulnerabilities in silex technology SD-330AC and AMC Manager

A dependency on a vulnerable third-party component affecting silex technology SD-330AC and AMC Manager through CVE-2015-5621.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2015-5621

NVD

nvd.nist.gov/vuln/detail/CVE-2015-5621

MITRE CWE · CWE-772

cwe.mitre.org

Exploit

openwall.com/lists/oss-security/2015/04/13/1

lists.opensuse.org

lists.opensuse.org/opensuse-updates/2015-09/msg00004.html

rhn.redhat.com

rhn.redhat.com/errata/RHSA-2015-1636.html

sourceforge.net

sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791

support.citrix.com

support.citrix.com/article/CTX209443

openwall.com

openwall.com/lists/oss-security/2015/04/16/15

openwall.com

openwall.com/lists/oss-security/2015/07/31/1

securityfocus.com

securityfocus.com/bid/76380

securitytracker.com

securitytracker.com/id/1033304

+6 more references

view more in app