Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-24805

Опубликовано: 16 апр. 2024
Источник: debian

Описание

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
net-snmpfixed5.9.3+dfsg-1package

Примечания

  • https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)

  • https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)

  • https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)

Связанные уязвимости

ubuntu логотип

CVE-2022-24805

CVSS3: 6.5
ubuntu
около 1 года назад

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

redhat логотип

CVE-2022-24805

CVSS3: 6.7
redhat
почти 3 года назад

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

nvd логотип

CVE-2022-24805

CVSS3: 6.5
nvd
около 1 года назад

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

fstec логотип

BDU:2024-06509

CVSS3: 6.5
fstec
около 1 года назад

Уязвимость функции NET-SNMP-VACM-MIB() набора программного обеспечения Net-SNMP операционной системы Linux, позволяющая нарушителю оказывать воздействие на целостность системы

fstec логотип

BDU:2024-06510

CVSS3: 6.5
fstec
больше 2 лет назад

Уязвимость функции handle_ipDefaultTTL() набора программного обеспечения Net-SNMP операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании