Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-24809

Опубликовано: 01 июл. 2022
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a GET-NEXT to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

A flaw was found in net-snmp. A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6net-snmpOut of support scope
Red Hat Enterprise Linux 7net-snmpOut of support scope
Red Hat Enterprise Linux 8net-snmpWill not fix
Red Hat Enterprise Linux 9net-snmpFixedRHSA-2024:726026.09.2024
Red Hat Enterprise Linux 9.2 Extended Update Supportnet-snmpFixedRHSA-2024:787509.10.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2104766net-snmp: A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference.

EPSS

Процентиль: 29%
0.00103
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-24809

CVSS3: 6.5
ubuntu
около 1 года назад

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

nvd логотип

CVE-2022-24809

CVSS3: 6.5
nvd
около 1 года назад

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

debian логотип

CVE-2022-24809

CVSS3: 6.5
debian
около 1 года назад

net-snmp provides various tools relating to the Simple Network Managem ...

fstec логотип

BDU:2024-06508

CVSS3: 6.5
fstec
около 1 года назад

Уязвимость функции nsVacmAccessTable() в компоненте OID Handler набора программного обеспечения Net-SNMP операционной системы Linux, позволяющая нарушителю оказать воздействие на целостность данных

suse-cvrf логотип

SUSE-SU-2022:4205-1

suse-cvrf
больше 2 лет назад

Security update for net-snmp

EPSS

Процентиль: 29%
0.00103
Низкий

5.9 Medium

CVSS3