// For flags

CVE-2007-5846

net-snmp remote DoS via udp packet

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.

El agente SNMP (snmp_agent.c) en net-snmp versiones anteriores a 5.4.1, permite a atacantes remotos causar una denegaciĆ³n de servicio (consumo de CPU y memoria) por medio de una peticiĆ³n GETBULK con un valor de max-repeaters largo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-11-06 CVE Reserved
  • 2007-11-06 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-01-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (31)
URL Tag Source
http://bugs.gentoo.org/show_bug.cgi?id=198346 X_refsource_confirm
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-4-1/net-snmp/agent/snmp_agent.c?view=log X_refsource_misc
http://osvdb.org/38904 Vdb Entry
http://sourceforge.net/project/shownotes.php?release_id=528095&group_id=12694 X_refsource_confirm
http://sourceforge.net/tracker/index.php?func=detail&aid=1712988&group_id=12694&atid=112694 X_refsource_confirm
http://www.securityfocus.com/archive/1/490917/100/0/threaded Mailing List
http://www.securitytracker.com/id?1018918 Vdb Entry
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11258 Signature
URL Date SRC
URL Date SRC
http://lists.vmware.com/pipermail/security-announce/2008/000014.html 2018-10-15
http://www.debian.org/security/2008/dsa-1483 2018-10-15
http://www.securityfocus.com/bid/26378 2018-10-15
URL Date SRC
http://secunia.com/advisories/27558 2018-10-15
http://secunia.com/advisories/27685 2018-10-15
http://secunia.com/advisories/27689 2018-10-15
http://secunia.com/advisories/27733 2018-10-15
http://secunia.com/advisories/27740 2018-10-15
http://secunia.com/advisories/27965 2018-10-15
http://secunia.com/advisories/28413 2018-10-15
http://secunia.com/advisories/28825 2018-10-15
http://secunia.com/advisories/29785 2018-10-15
http://security.gentoo.org/glsa/glsa-200711-31.xml 2018-10-15
http://www.mandriva.com/security/advisories?name=MDKSA-2007:225 2018-10-15
http://www.novell.com/linux/security/advisories/2007_25_sr.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-1045.html 2018-10-15
http://www.ubuntu.com/usn/usn-564-1 2018-10-15
http://www.vupen.com/english/advisories/2007/3802 2018-10-15
http://www.vupen.com/english/advisories/2008/1234/references 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00613.html 2018-10-15
https://access.redhat.com/security/cve/CVE-2007-5846 2007-11-15
https://bugzilla.redhat.com/show_bug.cgi?id=363631 2007-11-15
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Net-snmp
Search vendor "Net-snmp"
 Net-snmp
Search vendor "Net-snmp" for product "Net-snmp"
 <= 5.4.1
Search vendor "Net-snmp" for product "Net-snmp" and version " <= 5.4.1"
-
Affected