MidnightBSD

Advisories for net-snmp

CVE-2002-1170 MEDIUM

The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
net-snmp net-snmp 5.0.3
net-snmp net-snmp 5.0.1
net-snmp net-snmp 5.0.4_pre2
CVE-2003-0935 MEDIUM

Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
net-snmp net-snmp 5.0.7
net-snmp net-snmp 5.0.5
net-snmp net-snmp 5.0.8
net-snmp net-snmp 5.0.6
net-snmp net-snmp 5.0.3
net-snmp net-snmp 5.0.1
net-snmp net-snmp 5.0.4_pre2
CVE-2005-1740 HIGH

fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
net-snmp net-snmp 5.0.7
net-snmp net-snmp 5.0.5
net-snmp net-snmp 5.1.2
net-snmp net-snmp 5.0.8
net-snmp net-snmp 5.0.6
net-snmp net-snmp 5.0.9
net-snmp net-snmp 5.0.3
net-snmp net-snmp 5.0.1
net-snmp net-snmp 5.0.4_pre2
CVE-2005-2177 MEDIUM

Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
net-snmp net-snmp 5.0.7
net-snmp net-snmp 5.2.1
net-snmp net-snmp 5.0.6
net-snmp net-snmp 5.0.2
net-snmp net-snmp 5.0.3
net-snmp net-snmp 5.0.1
net-snmp net-snmp 5.0.4_pre2
net-snmp net-snmp 5.1.3
net-snmp net-snmp 5.0
net-snmp net-snmp 5.0.5
net-snmp net-snmp 5.0.8
net-snmp net-snmp 5.0.10
net-snmp net-snmp 5.2
net-snmp net-snmp 5.0.9
CVE-2005-2811 MEDIUM

Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
net-snmp net-snmp 5.0.7
net-snmp net-snmp *
net-snmp net-snmp 5.1.2
net-snmp net-snmp 5.2.1
net-snmp net-snmp 5.0.6
net-snmp net-snmp 5.0.2
net-snmp net-snmp 5.0.3
net-snmp net-snmp 5.0.1
net-snmp net-snmp 5.0.4_pre2
net-snmp net-snmp 5.1.3
net-snmp net-snmp 5.0
net-snmp net-snmp 5.0.5
net-snmp net-snmp 5.0.8
net-snmp net-snmp 5.0.10
net-snmp net-snmp 5.2
net-snmp net-snmp 5.0.9
CVE-2005-4837 HIGH

snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,CWE-189,

Products Affected

Vendor Product Version
net-snmp net-snmp 5.0.7
sourceforge net-snmp *
net-snmp net-snmp 5.0.6
net-snmp net-snmp 5.0.2
net-snmp net-snmp 5.0.3
net-snmp net-snmp 5.0.1
net-snmp net-snmp 5.0.4_pre2
net-snmp net-snmp 5.0
net-snmp net-snmp 5.0.5
net-snmp net-snmp 5.0.8
net-snmp net-snmp 5.0.10
net-snmp net-snmp 5.0.9
CVE-2008-4309 MEDIUM

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
net-snmp net-snmp 5.4
net-snmp net-snmp 5.3.2.2
net-snmp net-snmp 5.2.5
CVE-2008-6123 MEDIUM

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
net-snmp net-snmp *
suse linux_enterprise 9-11
opensuse opensuse 11.2
opensuse opensuse 10.3-11.1
redhat enterprise_linux 3.0
CVE-2009-1887 MEDIUM

agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
net-snmp net-snmp 5.0.9
CVE-2012-6151 MEDIUM

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
net-snmp net-snmp 5.5
net-snmp net-snmp 5.0.4
canonical ubuntu_linux 13.10
net-snmp net-snmp 5.0.6
net-snmp net-snmp 5.0.2
net-snmp net-snmp 5.0.3
net-snmp net-snmp 5.4
net-snmp net-snmp 5.0.5
net-snmp net-snmp 5.6
net-snmp net-snmp 5.2
net-snmp net-snmp 5.0.9
canonical ubuntu_linux 12.04
net-snmp net-snmp 5.0.7
net-snmp net-snmp *
net-snmp net-snmp 5.1.2
net-snmp net-snmp 5.1
apple mac_os_x 10.11.0
canonical ubuntu_linux 12.10
net-snmp net-snmp 5.0.1
net-snmp net-snmp 5.0
canonical ubuntu_linux 10.04
net-snmp net-snmp 5.0.8
net-snmp net-snmp 5.3
net-snmp net-snmp 5.3.0.1
net-snmp net-snmp 5.7
CVE-2014-2284 MEDIUM

The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
net-snmp net-snmp 5.5
net-snmp net-snmp 5.7.2
net-snmp net-snmp 5.5.2
net-snmp net-snmp 5.6.1.1
net-snmp net-snmp 5.5.1.1
net-snmp net-snmp 5.5.1
net-snmp net-snmp 5.5.0.2
net-snmp net-snmp 5.7.1
net-snmp net-snmp 5.6
net-snmp net-snmp 5.6.2
net-snmp net-snmp 5.7
net-snmp net-snmp 5.5.0.1
CVE-2014-2285 MEDIUM

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
net-snmp net-snmp *
CVE-2014-2310 MEDIUM

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
net-snmp net-snmp *
CVE-2014-3565 MEDIUM

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
net-snmp net-snmp 5.5
net-snmp net-snmp 5.0.7
net-snmp net-snmp *
net-snmp net-snmp 5.1.2
net-snmp net-snmp 5.0.4
net-snmp net-snmp 5.1
apple mac_os_x 10.11.0
net-snmp net-snmp 5.0.6
net-snmp net-snmp 5.0.2
net-snmp net-snmp 5.0.3
canonical ubuntu_linux 15.04
net-snmp net-snmp 5.0.1
net-snmp net-snmp 5.4
canonical ubuntu_linux 14.04
net-snmp net-snmp 5.0
net-snmp net-snmp 5.0.5
net-snmp net-snmp 5.0.8
net-snmp net-snmp 5.6
net-snmp net-snmp 5.2
net-snmp net-snmp 5.3
net-snmp net-snmp 5.3.0.1
net-snmp net-snmp 5.0.9
canonical ubuntu_linux 12.04
CVE-2015-5621 HIGH

The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-19,CWE-190,

Products Affected

Vendor Product Version
net-snmp net-snmp *
CVE-2015-8100 LOW

The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
net-snmp net-snmp *
CVE-2018-1000116 HIGH

NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
net-snmp net-snmp 5.7.2
debian debian_linux 7.0
CVE-2018-18065 MEDIUM

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
net-snmp net-snmp *
canonical ubuntu_linux 16.04
paloaltonetworks pan-os *
netapp cloud_backup -
netapp storagegrid_webscale -
canonical ubuntu_linux 14.04
netapp data_ontap -
netapp hyper_converged_infrastructure -
debian debian_linux 9.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 18.10
netapp solidfire_element_os -
netapp e-series_santricity_os_controller *
CVE-2018-18066 MEDIUM

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
netapp storagegrid_webscale -
net-snmp net-snmp *
netapp data_ontap -
netapp hyper_converged_infrastructure -
netapp solidfire_element_os -
netapp cloud_backup -
netapp e-series_santricity_os_controller *
CVE-2019-20892 MEDIUM

net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
net-snmp net-snmp *
oracle zfs_storage_appliance_kit 8.8
CVE-2020-15861 HIGH

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,CWE-59,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
net-snmp net-snmp *
netapp smi-s_provider -
netapp solidfire_&_hci_management_node -
canonical ubuntu_linux 16.04
canonical ubuntu_linux 20.04
canonical ubuntu_linux 12.04
netapp cloud_backup -
CVE-2020-15862 HIGH

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
net-snmp net-snmp *
netapp smi-s_provider -
canonical ubuntu_linux 16.04
netapp hci_management_node -
canonical ubuntu_linux 20.04
canonical ubuntu_linux 12.04
netapp solidfire -
netapp cloud_backup -
CVE-2022-24805

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 9.4
net-snmp net-snmp *
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_for_power_little_endian 9.0
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_update_services_for_sap_solutions 9.4
debian debian_linux 10.0
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
redhat enterprise_linux_for_arm_64 9.0
redhat enterprise_linux_eus 9.4
redhat enterprise_linux 9.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
redhat enterprise_linux_for_arm_64 9.2_aarch64
fedoraproject fedora 36
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
redhat enterprise_linux_server_update_services_for_sap_solutions 9.2
redhat enterprise_linux_for_ibm_z_systems 9.4_s390x
redhat enterprise_linux_for_arm_64 9.4_aarch64
redhat enterprise_linux_for_ibm_z_systems 9.0
debian debian_linux 11.0
redhat enterprise_linux_for_ibm_z_systems 9.2_s390x
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
CVE-2022-24806

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 9.4
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_update_services_for_sap_solutions 9.4
redhat enterprise_linux_for_arm_64 9.0
redhat enterprise_linux_eus 9.4
redhat enterprise_linux 9.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
redhat enterprise_linux_for_arm_64 9.2_aarch64
fedoraproject fedora 36
redhat enterprise_linux_server_update_services_for_sap_solutions 9.2
redhat enterprise_linux_for_ibm_z_systems 9.0
debian debian_linux 11.0
redhat enterprise_linux_for_ibm_z_systems 9.2_s390x
net-snmp net-snmp *
redhat enterprise_linux_for_power_little_endian 9.0
redhat enterprise_linux_eus 9.2
debian debian_linux 10.0
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
fedoraproject fedora 35
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
redhat enterprise_linux_for_ibm_z_systems 9.4_s390x
redhat enterprise_linux_for_arm_64 9.4_aarch64
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
CVE-2022-24807

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 9.4
net-snmp net-snmp *
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_for_power_little_endian 9.0
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_update_services_for_sap_solutions 9.4
debian debian_linux 10.0
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
redhat enterprise_linux_for_arm_64 9.0
redhat enterprise_linux_eus 9.4
redhat enterprise_linux 9.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
redhat enterprise_linux_for_arm_64 9.2_aarch64
fedoraproject fedora 36
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
redhat enterprise_linux_server_update_services_for_sap_solutions 9.2
redhat enterprise_linux_for_ibm_z_systems 9.4_s390x
redhat enterprise_linux_for_arm_64 9.4_aarch64
redhat enterprise_linux_for_ibm_z_systems 9.0
debian debian_linux 11.0
redhat enterprise_linux_for_ibm_z_systems 9.2_s390x
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
CVE-2022-24808

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 9.4
net-snmp net-snmp *
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_for_power_little_endian 9.0
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_update_services_for_sap_solutions 9.4
debian debian_linux 10.0
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
redhat enterprise_linux_for_arm_64 9.0
redhat enterprise_linux_eus 9.4
redhat enterprise_linux 9.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
redhat enterprise_linux_for_arm_64 9.2_aarch64
fedoraproject fedora 36
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
redhat enterprise_linux_server_update_services_for_sap_solutions 9.2
redhat enterprise_linux_for_ibm_z_systems 9.4_s390x
redhat enterprise_linux_for_arm_64 9.4_aarch64
redhat enterprise_linux_for_ibm_z_systems 9.0
debian debian_linux 11.0
redhat enterprise_linux_for_ibm_z_systems 9.2_s390x
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
CVE-2022-24809

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 9.4
net-snmp net-snmp *
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_for_power_little_endian 9.0
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_update_services_for_sap_solutions 9.4
debian debian_linux 10.0
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
redhat enterprise_linux_for_arm_64 9.0
redhat enterprise_linux_eus 9.4
redhat enterprise_linux 9.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
redhat enterprise_linux_for_arm_64 9.2_aarch64
fedoraproject fedora 36
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
redhat enterprise_linux_server_update_services_for_sap_solutions 9.2
redhat enterprise_linux_for_ibm_z_systems 9.4_s390x
redhat enterprise_linux_for_arm_64 9.4_aarch64
redhat enterprise_linux_for_ibm_z_systems 9.0
debian debian_linux 11.0
redhat enterprise_linux_for_ibm_z_systems 9.2_s390x
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
CVE-2022-24810

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
net-snmp net-snmp *
fedoraproject fedora 36
debian debian_linux 10.0
CVE-2022-44792

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
net-snmp net-snmp *
debian debian_linux 10.0
netapp h700s_firmware -
netapp h300s_firmware -
netapp h500s_firmware -
netapp h410s_firmware -
CVE-2022-44793

handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
net-snmp net-snmp *
debian debian_linux 10.0
netapp h700s_firmware -
netapp h300s_firmware -
netapp h500s_firmware -
netapp h410s_firmware -
CVE-2025-68615

net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
net-snmp net-snmp *
net-snmp net-snmp 5.10
debian debian_linux 11.0