CVE-2022-44792
net-snmp: NULL Pointer Exception when handling ipDefaultTTL
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
handle_ipDefaultTTL en agent/mibgroup/ip-mib/ip_scalars.c en Net-SNMP 5.8 a 5.9.3 tiene un error de excepción de puntero NULL que puede ser utilizado por un atacante remoto (que tiene acceso de escritura) para provocar que la instancia se bloquee a través de un paquete UDP elaborado, lo que resulta en una Denegación de Servicio.
A vulnerability was found in Net-SNMP. This issue occurs because the handle_ipDefaultTTL function in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP has a NULL Pointer Exception flaw that allows a remote attacker (who has to write access) to cause the instance to crash via a crafted UDP packet, resulting in a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-11-07 CVE Reserved
- 2022-11-07 CVE Published
- 2024-06-28 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20230223-0011 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428 | 2024-08-03 | |
| https://github.com/net-snmp/net-snmp/issues/474 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-44792 | 2023-05-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2141897 | 2023-05-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | H300s Firmware Search vendor "Netapp" for product "H300s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300s Search vendor "Netapp" for product "H300s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H500s Firmware Search vendor "Netapp" for product "H500s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500s Search vendor "Netapp" for product "H500s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H700s Firmware Search vendor "Netapp" for product "H700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700s Search vendor "Netapp" for product "H700s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H410s Firmware Search vendor "Netapp" for product "H410s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410s Search vendor "Netapp" for product "H410s" | - | - |
Safe
|
| Net-snmp Search vendor "Net-snmp" | Net-snmp Search vendor "Net-snmp" for product "Net-snmp" | >= 5.8 <= 5.9.3 Search vendor "Net-snmp" for product "Net-snmp" and version " >= 5.8 <= 5.9.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||