SNMP4J-Agent Releases 3.6.5 and 2.7.8

SNMP4J-Agent versions 3.6.5 and 2.7.8 have been released 2022-11-10T23:00:00Z to fix a security (DoS) issue remotely exploitable by using very large max-repetition values in GETBULK requests. Because the maximum message length is not limited for outbound messages during execution of the GETBULK, an OutOfMemory exception after high CPU load could occur.


  • SECURITY [AS-38]: Command processing of GETBULK PDUs with large max-repetition values could lead to DoS/OutOfMemory when used in conjunction with a Snmp4J-AgentX master agent.
    Now repetition sub-requests are limited to the maximum theoretical possible variable bindings fitting into the maximum sized response PDU - according the maximum outbound message size which is 65535 for all TransportMappings defined in SNMP4J.