CVE-2018-18066
net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
snmp_oid_compare en snmplib/snmp_api.c en Net-SNMP en versiones anteriores a la 5.8 tiene un error de excepción de puntero NULL que puede ser empleado por un atacante no autenticado para provocar el cierre inesperado de la instancia de forma remota mediante un paquete UDP manipulado, lo que resulta en una denegación de servicio (DoS).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-10-08 CVE Reserved
- 2018-10-08 CVE Published
- 2024-02-29 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20181107-0001 | Third Party Advisory | |
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | X_refsource_misc |
URL | Date | SRC |
---|---|---|
https://dumpco.re/blog/net-snmp-5.7.3-remote-dos | 2024-08-05 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2018-18066 | 2020-06-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1637572 | 2020-06-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Net-snmp Search vendor "Net-snmp" | Net-snmp Search vendor "Net-snmp" for product "Net-snmp" | < 5.8 Search vendor "Net-snmp" for product "Net-snmp" and version " < 5.8" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Hyper Converged Infrastructure Search vendor "Netapp" for product "Hyper Converged Infrastructure" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Storagegrid Webscale Search vendor "Netapp" for product "Storagegrid Webscale" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Data Ontap Search vendor "Netapp" for product "Data Ontap" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | >= 11.0 <= 11.5 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version " >= 11.0 <= 11.5" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Solidfire Element Os Search vendor "Netapp" for product "Solidfire Element Os" | - | - |
Affected
|