CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 0CVE-2012-2141 – net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
https://notcve.org/view.php?id=CVE-2012-2141
14 Aug 2012 — Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table. Error de índice de array en la función nsExtendOutput2Table en agent/mibgroup/agent/extend.c en Net-SNMP v5.7.1 permite a usuarios remotos autenticados provocar una denegación de servicio (lectura fuera de límites y fallo de snmpd) a ... • http://rhn.redhat.com/errata/RHSA-2013-0124.html •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-1887 – net-snmp: DoS (division by zero) via SNMP GetBulk requests
https://notcve.org/view.php?id=CVE-2009-1887
26 Jun 2009 — agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309. agent/snmp_agent.c en snmpd en net-snmp 5.0.9 en Red Hat Enterprise Linux (RHEL) 3 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante una petición SNMP GETBULK manipul... • http://www.mandriva.com/security/advisories?name=MDVSA-2009:156 • CWE-369: Divide By Zero •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1CVE-2008-6123 – net-snmp: incorrect application of hosts access restrictions in hosts.{allow,deny}
https://notcve.org/view.php?id=CVE-2008-6123
12 Feb 2009 — The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." La función netsnmp_udp_fmtaddr (snmplib/snmpUDPDomain.c) en net-snmp v5.0.9 hasta v5.4.2, cuando usando TCP wrappers para autorización de clientes, no analiza apropiadamente re... • http://bugs.gentoo.org/show_bug.cgi?id=250429 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 7%CPEs: 3EXPL: 0CVE-2008-4309 – net-snmp: numresponses calculation integer overflow in snmp_agent.c
https://notcve.org/view.php?id=CVE-2008-4309
31 Oct 2008 — Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. El código getbulk en net-snmp 5.4 antes de v5.4.2.1, 5.3 antes de v5.3.2.3, y 5.2 antes de v5.2.5.1 permite a atacantes remotos provocar una denegación de servicio ... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 22%CPEs: 3EXPL: 1CVE-2008-2292 – Net-SNMP 5.1.4/5.2.4/5.4.1 Perl Module - Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-2292
18 May 2008 — Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). Desbordamiento de búfer en la función __snprint_value de snmp_get en Net-SNMP 5.1.4, 5.2.4 y 5.4.1, como se usa en SNMP.xs para Perl, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar c... • https://www.exploit-db.com/exploits/7100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 64%CPEs: 1EXPL: 0CVE-2007-5846 – net-snmp remote DoS via udp packet
https://notcve.org/view.php?id=CVE-2007-5846
06 Nov 2007 — The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. El agente SNMP (snmp_agent.c) en net-snmp versiones anteriores a 5.4.1, permite a atacantes remotos causar una denegación de servicio (consumo de CPU y memoria) por medio de una petición GETBULK con un valor de max-repeaters largo. • http://bugs.gentoo.org/show_bug.cgi?id=198346 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6305
https://notcve.org/view.php?id=CVE-2006-6305
06 Dec 2006 — Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only access. Vulnerabilidad no especificada en Net-SNMP 5.3 anterior a 5.3.0.1, cuando está configurado para que use las señales (tokens) de snmpd.conf rocommunity y rouser, provoca que Net-SNMP otorgue permisos de escritura a usuarios o comunidades que solo tenían permisos de lectura. • http://net-snmp.sourceforge.net/about/ChangeLog.html •
CVSS: 10.0EPSS: 5%CPEs: 14EXPL: 1CVE-2005-4837
https://notcve.org/view.php?id=CVE-2005-4837
31 Dec 2005 — snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. • http://secunia.com/advisories/25114 • CWE-16: Configuration CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2005-2811
https://notcve.org/view.php?id=CVE-2005-2811
07 Sep 2005 — Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges. • http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml •
CVSS: 7.5EPSS: 11%CPEs: 14EXPL: 0CVE-2005-2177
https://notcve.org/view.php?id=CVE-2005-2177
10 Jul 2005 — Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop. • http://secunia.com/advisories/15930 • CWE-20: Improper Input Validation •