{"id":"CVE-2020-15861","details":"Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.","modified":"2026-04-11T21:20:02.209441Z","published":"2020-08-20T01:17:13.837Z","references":[{"type":"ADVISORY","url":"https://github.com/net-snmp/net-snmp/issues/145"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202008-12"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200904-0001/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4471-1/"},{"type":"REPORT","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599"},{"type":"FIX","url":"https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/net-snmp/net-snmp","events":[{"introduced":"0"},{"last_affected":"ac272772ea11a9f5d07ecaec881859f393f850bb"},{"fixed":"4fd9a450444a434a993bc72f7c3486ccce41f602"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.7.3"}]}}],"versions":["v3.0","v3.0.1","v3.0.2","v3.0.2.1","v3.0.3","v3.0.4","v3.0.5","v3.0.6","v3.0.7","v3.0.7.1","v3.0.7.2","v3.1","v3.1.0.1","v3.1.1","v3.1.2","v3.1.2.1","v3.1.3","v3.2","v3.3","v3.4","v3.5","v3.6","v3.6.1","v4.0","v4.0.1","v4.1","v4.1.1","v4.2","v5.0","v5.0.1","v5.0.11.1","v5.0.2","v5.0.3","v5.0.4","v5.0.5","v5.0.6","v5.0.7","v5.1","v5.1.4.1","v5.2","v5.3","v5.4","v5.5","v5.5.pre1","v5.5.pre2","v5.5.pre3","v5.5.rc1","v5.5.rc2","v5.5.rc3","v5.6","v5.6.pre1","v5.6.pre2","v5.6.pre3","v5.6.rc1","v5.6.rc2","v5.6.rc3","v5.7","v5.7.1","v5.7.1.pre1","v5.7.1.pre2","v5.7.1.rc1","v5.7.1.rc2","v5.7.1.rc3","v5.7.2.pre1","v5.7.2.pre2","v5.7.2.pre3","v5.7.2.rc1","v5.7.2.rc2","v5.7.2.rc3","v5.7.3","v5.7.3.pre1","v5.7.3.pre2","v5.7.3.pre3","v5.7.3.pre5","v5.7.3.rc1","v5.7.3.rc2","v5.7.3.rc3","v5.7.pre1","v5.7.pre2","v5.7.rc1","v5.7.rc2","v5.7.rc3","v5.8","v5.8.pre1","v5.8.pre2","v5.8.pre3","v5.8.rc1","v5.8.rc2","v5.8.rc3","v5.8.rc4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15861.json","vanir_signatures":[{"source":"https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","id":"CVE-2020-15861-1ab1691d","digest":{"length":666,"function_hash":"145014679575689650584675739969347332431"},"deprecated":false,"signature_version":"v1","target":{"function":"_mibindex_add","file":"snmplib/mib.c"},"signature_type":"Function"},{"source":"https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","id":"CVE-2020-15861-272b2ae4","digest":{"line_hashes":["258006950393430341598206445558390697243","223245324346843983598874277929133242238","46811257327023568725342291935664909467","118823272657575215291975157349148577674"],"threshold":0.9},"deprecated":false,"signature_version":"v1","target":{"file":"include/net-snmp/library/parse.h"},"signature_type":"Line"},{"source":"https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","id":"CVE-2020-15861-284989d7","digest":{"line_hashes":["158512933697539680873049494826664811023","32491476551214894676688626481375177197","70137202526186634354725563169886466689","5842608046102079676927886484797392963","140529204713235808394177027893286229492","39172634948536669897502844975899042363","213275433098533763022001259375068787717","249177652949796322444984461098062970398","135292701236488654698620339221612159953","153004880268381420129446368270116652183","36408444320004856021850802751786285169","55003524299964907419165426311265968631","216508888027184995456451585793040095155","18199627237426701927657442044047830623","250408406402580560696427568504238934875","212347618658083204341553965834321065038","286370281994255075258275965195305174420","148330288602802279258808301241206165100","337731573923766061739971311747628988842","310313061424085978472552389318727536242","1865301024747981809525596336653974350","150065852043199339462018929248479185822","331228974393414931987906460935558561437","161628386749268161420973307547675260264","28632219393095141707898149151708574847","247836514931539703430701283283674209036","42482847629809766720554338590888310771","268863795309628781834012342656198501376","40989527261916966812716721271129682727","161400566058498699535214771688307959391","210494064010269170020135019854440881180","26186057142837500718551021584270208352","104939329350067107671829490621627646316","206974553315651997238917885709104656188","54548025319365572035487977263207670291","44115886991222207857949601994769973618","74446634114968974134893930102327238658","183280764967901068938656727202763698203","325308309086901068202295813621931562443","233492301078432649207096029000120180976","146328530312050252729608029898056977131","122523256345046031764871291806859628749","48400611334331644704150514888702051394","144222246886405846624829872612145959723","48883379856577036807395428499623031633","37986477186843114837444358482119383447","328474841723554564502350452113262649275","67838216296081224120015188288979386448","194761520840014978050860772561952925805","256947162569636098762544014906428675047","211436156097942778804129755676712596687","244287023554933209490610613713922209805","228493517092605082537631547235823713536","284842611192106714385325098216469231650","168569178439268884588712254003887316267","317855880376115918089758509218505118599","220551355805697101109464968118111069527","289784845331688094638823562714809804052","314188453092132276099319748727447226798","164331305135014412249334963021399507092","133312632277358849480658630477315321281","44349657042989761565446870786712824239","148752340976186499894786787307069273613","8962815919675171825625167827538491868","151373991542250145975821305958226791722","31224390623484860007925198998919542557","298728113266379907256032112755999231114","43122298052384690072424329564608043116","222189781345996120972388980288583605050","1524702121779427049380525470957401319","142155696015156704897086555025372786733"],"threshold":0.9},"deprecated":false,"signature_version":"v1","target":{"file":"snmplib/parse.c"},"signature_type":"Line"},{"source":"https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","id":"CVE-2020-15861-4a85f19f","digest":{"length":620,"function_hash":"112986209661699835997137440702586534201"},"deprecated":false,"signature_version":"v1","target":{"function":"add_mibfile","file":"snmplib/parse.c"},"signature_type":"Function"},{"source":"https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","id":"CVE-2020-15861-5d2c8926","digest":{"length":1154,"function_hash":"170481824433810834831224908811649127529"},"deprecated":false,"signature_version":"v1","target":{"function":"netsnmp_mibindex_load","file":"snmplib/mib.c"},"signature_type":"Function"},{"source":"https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","id":"CVE-2020-15861-84210969","digest":{"length":463,"function_hash":"237215025463548406932053674162216185937"},"deprecated":false,"signature_version":"v1","target":{"function":"netsnmp_mibindex_new","file":"snmplib/mib.c"},"signature_type":"Function"},{"source":"https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","id":"CVE-2020-15861-b2792b1d","digest":{"length":475,"function_hash":"307254076294149860615418922272869378490"},"deprecated":false,"signature_version":"v1","target":{"function":"netsnmp_mibindex_lookup","file":"snmplib/mib.c"},"signature_type":"Function"},{"source":"https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","id":"CVE-2020-15861-b403f116","digest":{"length":1699,"function_hash":"165382700723976445475101237095193553802"},"deprecated":false,"signature_version":"v1","target":{"function":"add_mibdir","file":"snmplib/parse.c"},"signature_type":"Function"},{"source":"https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","id":"CVE-2020-15861-bd274f99","digest":{"line_hashes":["279851055321414569382842808087258497000","181833821969936643317650856029611411718","275871831599369720285877128776141084617","228188481720208030384543144792291266447","64872837152681095299872043560177138187","29929484290399058582926187833199129176"],"threshold":0.9},"deprecated":false,"signature_version":"v1","target":{"file":"include/net-snmp/library/mib.h"},"signature_type":"Line"},{"source":"https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","id":"CVE-2020-15861-c3462cf1","digest":{"length":3534,"function_hash":"257363585448700372957936713122442586042"},"deprecated":false,"signature_version":"v1","target":{"function":"netsnmp_init_mib","file":"snmplib/mib.c"},"signature_type":"Function"},{"source":"https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","id":"CVE-2020-15861-d2fdf4bd","digest":{"length":535,"function_hash":"147886039327830622296918830012085282768"},"deprecated":false,"signature_version":"v1","target":{"function":"shutdown_mib","file":"snmplib/mib.c"},"signature_type":"Function"},{"source":"https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602","id":"CVE-2020-15861-d34be457","digest":{"line_hashes":["24646240475115471616800964315071370907","269654530702087529437357219022778345626","286965316549030242412831885313176177097","26808230819877403543416037673883218207","311622631763582568781992032173289918868","27500052557316724793430359860889664504","229163669172430774686581150961549818992","214955007102488912394801775700599055883","270567709625690281463755904672381940240","292601381072927727525697880848160511330","185013674327022462715363370400203993535","302531855657484780268600000196760701319","122249536782445161943353522797895770925","265522545891735892288444749723587879835","136050074506464804275625719972368442412","184539275522532486107898364508255938827","323511488972196436190211584405418625156","161810577812951999113770298451148383623","46630675273551257740812537114076691108","255644724727299255541351412828965010873","105499509156894332891425562174081019872","148843867801027126079565206877578693738","2880135087347403832953633603359744954","194983240578125028281527747785301211452","204086569011810167010019036415322280723","338786809583189804553389102898110166590","80839387675976817723184316974066143969","69653409188317967792020743190710281919","168595316369884580705451547797176554472","326455217101359328546561410932549364880","197631528918571071402397793934389182119","250803621559343560091945547004462192597","159407117741252817788135227934237927482","110602064131662514804838073891151235587","217253519803418733872297542973869076977","4311761827111529034402192273728089859","301324513392750371907332627847213334717","277787217338799520365103987739887363518","161563483318235823841256020983613131872","199733149287968059662780809869442548677","110324244040446269002807625288614061313","132605672570991112875104175162498162378","2739793114881924913961507141965792604","320115973365020637934028209343502190991","55086986182548073910425659024094422737","182478907838955036453950042577416972514","201195719727934767088537063930620272319","37792802686500148240457581469372367518","40352213303734992094450640543884063326","223210712693038654819533285211717322142","119857948328423420438067085361611959878","200911522858986181327311433200642619885","79018555393866127105276734669073815907","36197132157086079180462682516278985706","74602948257279050103936715002108638388","83995068373729036858440013628254621180","105665491771208815414152609021346506321","311534083138724943130606565783016588667","208213247613236535587240080910528964138","268247644052656230687429258544132236208","263630635542926844208012615369292003677","69935479035470584165094644674699733378","96864726315822250909486283702052559153","329333563575095143269919333880119152885","114814268349650370913691669102648310846","162710956295068121595955700314434942239","131709419435096636076925672536673690073","262359305137598159900613662813298203872","160937479052991875267320777581178374122","17487293860162727640576276140562375722","37686230328850626401423384339525583821","304649594011479918331018725772852966031","113835006721281249074956257185633256743","296013029022859716080516588144819274462","104373284205043019821088340519062566924","314433544565770080724285452195718774759","206728260273374964356407527225450420789","144738966701805793888356710238730446549","47322889164019202326010580843166532049","225407577683775351570598855052566244596","119396409083500988525798148761691351824","272852502175051761919859419862700404250","3792733923760325797999975417585403532","226651965090032898398658650426116338528","335250350209778204218709371238406397429","7127008552884531576526089299479435976","20516555663371176716016861371877696715","328177449727136879365375346533663345708","163445725883300978004512414636792222282","186218995143728518630144265802012057076","158826340986896763287432854433255918441","273532471173843924532542347592101031234","2957167638279831740576141681383901601","206517022712468167435509577410780001903","254493703027155311396208578705394064923","281871421380880443648045382169840257300","336396344628123044328142059295402194681","136329525402869360614591561500274649009","30373448401173432323695149997291053973","321443470720831099042817898460182871876","193523068163520534866893024726892490999","38577917396128475517684672596774234475","240885585856387815508364625054360497555","322207602705120837612526357542723946951","278241018481212470224003552691962689848","217162923221619689034324020210012388870","244115175658325575402040882176763610066","120161770630727643066754033475481804625","320035095762742564836457713297760943851","64224552263924846736809348660244745000","257756027529086684883451650046822075656","199864256522233655233665890500178687160","332046986212545570613913913668821635090","143217145833433259806721546597629587088","73718802862739738733868328060860796805","237026516574674726768852426503266552203","11442659811247398935871165781964771063","251610253758206766237377044183457906135","149550655754241049260693973062655248037","291100489383228519992580295723060472619","334766151591140172118653741836670635716","284908746276751870676230557139971632609","195441250165749561576551672722982575925","239307072706037395091672855138000089138","39679281498959593754832644387038551433","61743712150074539596202249023100795955","26832323346331745730346839315416402510","172845945342097775794060659809249663674","197309061463182479386661623790745142768","162777351177480005900893020190441201435","153634462566806490702707634302742856206","21189261562126720498954779181688666159"],"threshold":0.9},"deprecated":false,"signature_version":"v1","target":{"file":"snmplib/mib.c"},"signature_type":"Line"}],"vanir_signatures_modified":"2026-04-11T21:20:02Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}