CVE-2022-44792
net-snmp: NULL Pointer Exception when handling ipDefaultTTL
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
handle_ipDefaultTTL en agent/mibgroup/ip-mib/ip_scalars.c en Net-SNMP 5.8 a 5.9.3 tiene un error de excepción de puntero NULL que puede ser utilizado por un atacante remoto (que tiene acceso de escritura) para provocar que la instancia se bloquee a través de un paquete UDP elaborado, lo que resulta en una Denegación de Servicio.
A vulnerability was found in Net-SNMP. This issue occurs because the handle_ipDefaultTTL function in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP has a NULL Pointer Exception flaw that allows a remote attacker (who has to write access) to cause the instance to crash via a crafted UDP packet, resulting in a denial of service.
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. Issues addressed include memory leak and null pointer vulnerabilities.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2022-11-07 CVE Reserved
- 2022-11-07 CVE Published
- 2025-05-05 CVE Updated
- 2025-05-05 First Exploit
- 2025-05-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20230223-0011 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428 | 2025-05-05 | |
| https://github.com/net-snmp/net-snmp/issues/474 | 2025-05-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-44792 | 2023-05-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2141897 | 2023-05-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | H300s Firmware Search vendor "Netapp" for product "H300s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300s Search vendor "Netapp" for product "H300s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H500s Firmware Search vendor "Netapp" for product "H500s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500s Search vendor "Netapp" for product "H500s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H700s Firmware Search vendor "Netapp" for product "H700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700s Search vendor "Netapp" for product "H700s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H410s Firmware Search vendor "Netapp" for product "H410s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410s Search vendor "Netapp" for product "H410s" | - | - |
Safe
|
| Net-snmp Search vendor "Net-snmp" | Net-snmp Search vendor "Net-snmp" for product "Net-snmp" | >= 5.8 <= 5.9.3 Search vendor "Net-snmp" for product "Net-snmp" and version " >= 5.8 <= 5.9.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||