CVE-2018-18066

net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service

  • Severity Score: 7.5 (CVSS v3)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -

* Organization's Worst-case Scenario
Timeline
  • 2018-10-08 CVE Reserved
  • 2018-10-08 CVE Published
  • 2024-02-29 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Net-snmp | Net-snmp | < 5.8 | - | Affected |
| Netapp | Cloud Backup | - | - | Affected |
| Netapp | Hyper Converged Infrastructure | - | - | Affected |
| Netapp | Storagegrid Webscale | - | - | Affected |
| Netapp | Data Ontap | - | - | Affected |
| Netapp | E-series Santricity Os Controller | >= 11.0 <= 11.5 | - | Affected |
| Netapp | Solidfire Element Os | - | - | Affected |