Lucene search

Alpine Linux Development TeamALPINE:CVE-2022-24807

HistoryApr 16, 2024 - 8:15 p.m.

CVE-2022-24807

2024-04-1620:15:08

Alpine Linux Development Team

security.alpinelinux.org

net-snmp

snmp-view-based-acm-mib

memory access

credentials

patch

snmpv3

snmpv1

snmpv2c

ip address range

unix

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.7 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

12.1%

JSON

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

OSVersionArchitecturePackageVersionFilename
Alpineedge-mainnoarchnet-snmp< 5.9.3-r0UNKNOWN
Alpine3.13-mainnoarchnet-snmp< 5.9.3-r0UNKNOWN
Alpine3.14-mainnoarchnet-snmp< 5.9.3-r0UNKNOWN
Alpine3.15-mainnoarchnet-snmp< 5.9.3-r0UNKNOWN
Alpine3.16-mainnoarchnet-snmp< 5.9.3-r0UNKNOWN
Alpine3.17-mainnoarchnet-snmp< 5.9.3-r0UNKNOWN
Alpine3.18-mainnoarchnet-snmp< 5.9.3-r0UNKNOWN
Alpine3.19-mainnoarchnet-snmp< 5.9.3-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-main	noarch	net-snmp	< 5.9.3-r0	UNKNOWN
Alpine	3.13-main	noarch	net-snmp	< 5.9.3-r0	UNKNOWN
Alpine	3.14-main	noarch	net-snmp	< 5.9.3-r0	UNKNOWN
Alpine	3.15-main	noarch	net-snmp	< 5.9.3-r0	UNKNOWN
Alpine	3.16-main	noarch	net-snmp	< 5.9.3-r0	UNKNOWN
Alpine	3.17-main	noarch	net-snmp	< 5.9.3-r0	UNKNOWN
Alpine	3.18-main	noarch	net-snmp	< 5.9.3-r0	UNKNOWN
Alpine	3.19-main	noarch	net-snmp	< 5.9.3-r0	UNKNOWN