CVE-2022-24806 – net-snmp vulnerable to Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously
https://notcve.org/view.php?id=CVE-2022-24806
28 Aug 2022 — net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a giv... • https://bugzilla.redhat.com/show_bug.cgi?id=2103225 • CWE-20: Improper Input Validation •
CVE-2022-24807 – net-snmp: A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2022-24807
28 Aug 2022 — net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. • https://bugzilla.redhat.com/show_bug.cgi?id=2103225 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-1320: Improper Protection for Outbound Error Messages and Alert Signals •
CVE-2022-24808 – net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2022-24808
28 Aug 2022 — net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP addre... • https://bugzilla.redhat.com/show_bug.cgi?id=2103225 • CWE-476: NULL Pointer Dereference •
CVE-2022-24810 – net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.
https://notcve.org/view.php?id=CVE-2022-24810
28 Aug 2022 — net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. net-snmp pr... • https://bugzilla.redhat.com/show_bug.cgi?id=2103225 • CWE-476: NULL Pointer Dereference •
CVE-2022-24805 – net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
https://notcve.org/view.php?id=CVE-2022-24805
02 Aug 2022 — net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. • https://bugzilla.redhat.com/show_bug.cgi?id=2103225 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVE-2022-24809 – net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2022-24809
02 Aug 2022 — net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. net... • https://bugzilla.redhat.com/show_bug.cgi?id=2103225 • CWE-476: NULL Pointer Dereference •
CVE-2020-15861 – Debian Security Advisory 4746-1
https://notcve.org/view.php?id=CVE-2020-15861
19 Aug 2020 — Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. It was discovered that Net-SNMP incorrectly handled certain inputs. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-15862 – net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution
https://notcve.org/view.php?id=CVE-2020-15862
19 Aug 2020 — Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. Net-SNMP versions through 5.7.3 have Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows runni... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVE-2019-20892 – Ubuntu Security Notice USN-4410-1
https://notcve.org/view.php?id=CVE-2019-20892
25 Jun 2020 — net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. • http://www.openwall.com/lists/oss-security/2020/06/25/4 • CWE-415: Double Free •
CVE-2018-18066 – net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-18066
08 Oct 2018 — snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. • https://dumpco.re/blog/net-snmp-5.7.3-remote-dos • CWE-476: NULL Pointer Dereference •