The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.
https://exchange.xforce.ibmcloud.com/vulnerabilities/10250
http://www.securityfocus.com/bid/5862
http://www.redhat.com/support/errata/RHSA-2002-228.html
http://www.idefense.com/advisory/10.02.02.txt