Medium: net-snmp

2023-11-2922:20:00

alas.aws.amazon.com

net-snmp

buffer overflow

out-of-bounds memory access

input validation

null pointer dereference

set request

update

cve-2022-24805

cve-2022-24806

cve-2022-24807

cve-2022-24808

cve-2022-24809

cve-2022-24810

6.5 Medium

CVSS3

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.0%

JSON

Issue Overview:

A flaw was found in net-snmp. A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access issue. (CVE-2022-24805)

A flaw was found in net-snmp. This issue occurs due to improper input validation when simultaneously setting malformed OIDs in the master agent and subagent. (CVE-2022-24806)

A flaw was found in net-snmp. A malformed OID in a SET request to the SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access issue. (CVE-2022-24807)

A flaw was found in net-snmp. A malformed OID in a SET request to NET-SNMP-AG
ENT-MIB::nsLogTable can cause a NULL pointer dereference issue. (CVE-2022-24808)

A flaw was found in net-snmp. A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference issue. (CVE-2022-24809)

A flaw was found in net-snmp. A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference issue. (CVE-2022-24810)

Affected Packages:

net-snmp

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update net-snmp to update your system.

New Packages:

aarch64:  
    net-snmp-5.7.2-49.amzn2.1.1.aarch64  
    net-snmp-utils-5.7.2-49.amzn2.1.1.aarch64  
    net-snmp-devel-5.7.2-49.amzn2.1.1.aarch64  
    net-snmp-perl-5.7.2-49.amzn2.1.1.aarch64  
    net-snmp-gui-5.7.2-49.amzn2.1.1.aarch64  
    net-snmp-libs-5.7.2-49.amzn2.1.1.aarch64  
    net-snmp-agent-libs-5.7.2-49.amzn2.1.1.aarch64  
    net-snmp-python-5.7.2-49.amzn2.1.1.aarch64  
    net-snmp-sysvinit-5.7.2-49.amzn2.1.1.aarch64  
    net-snmp-debuginfo-5.7.2-49.amzn2.1.1.aarch64  
  
i686:  
    net-snmp-5.7.2-49.amzn2.1.1.i686  
    net-snmp-utils-5.7.2-49.amzn2.1.1.i686  
    net-snmp-devel-5.7.2-49.amzn2.1.1.i686  
    net-snmp-perl-5.7.2-49.amzn2.1.1.i686  
    net-snmp-gui-5.7.2-49.amzn2.1.1.i686  
    net-snmp-libs-5.7.2-49.amzn2.1.1.i686  
    net-snmp-agent-libs-5.7.2-49.amzn2.1.1.i686  
    net-snmp-python-5.7.2-49.amzn2.1.1.i686  
    net-snmp-sysvinit-5.7.2-49.amzn2.1.1.i686  
    net-snmp-debuginfo-5.7.2-49.amzn2.1.1.i686  
  
src:  
    net-snmp-5.7.2-49.amzn2.1.1.src  
  
x86_64:  
    net-snmp-5.7.2-49.amzn2.1.1.x86_64  
    net-snmp-utils-5.7.2-49.amzn2.1.1.x86_64  
    net-snmp-devel-5.7.2-49.amzn2.1.1.x86_64  
    net-snmp-perl-5.7.2-49.amzn2.1.1.x86_64  
    net-snmp-gui-5.7.2-49.amzn2.1.1.x86_64  
    net-snmp-libs-5.7.2-49.amzn2.1.1.x86_64  
    net-snmp-agent-libs-5.7.2-49.amzn2.1.1.x86_64  
    net-snmp-python-5.7.2-49.amzn2.1.1.x86_64  
    net-snmp-sysvinit-5.7.2-49.amzn2.1.1.x86_64  
    net-snmp-debuginfo-5.7.2-49.amzn2.1.1.x86_64

Additional References

Red Hat: CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24809, CVE-2022-24810

Mitre: CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24809, CVE-2022-24810

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64net-snmp< 5.7.2-49.amzn2.1.1net-snmp-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux2aarch64net-snmp-utils< 5.7.2-49.amzn2.1.1net-snmp-utils-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux2aarch64net-snmp-devel< 5.7.2-49.amzn2.1.1net-snmp-devel-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux2aarch64net-snmp-perl< 5.7.2-49.amzn2.1.1net-snmp-perl-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux2aarch64net-snmp-gui< 5.7.2-49.amzn2.1.1net-snmp-gui-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux2aarch64net-snmp-libs< 5.7.2-49.amzn2.1.1net-snmp-libs-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux2aarch64net-snmp-agent-libs< 5.7.2-49.amzn2.1.1net-snmp-agent-libs-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux2aarch64net-snmp-python< 5.7.2-49.amzn2.1.1net-snmp-python-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux2aarch64net-snmp-sysvinit< 5.7.2-49.amzn2.1.1net-snmp-sysvinit-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux2aarch64net-snmp-debuginfo< 5.7.2-49.amzn2.1.1net-snmp-debuginfo-5.7.2-49.amzn2.1.1.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	2	aarch64	net-snmp	< 5.7.2-49.amzn2.1.1	net-snmp-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux	2	aarch64	net-snmp-utils	< 5.7.2-49.amzn2.1.1	net-snmp-utils-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux	2	aarch64	net-snmp-devel	< 5.7.2-49.amzn2.1.1	net-snmp-devel-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux	2	aarch64	net-snmp-perl	< 5.7.2-49.amzn2.1.1	net-snmp-perl-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux	2	aarch64	net-snmp-gui	< 5.7.2-49.amzn2.1.1	net-snmp-gui-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux	2	aarch64	net-snmp-libs	< 5.7.2-49.amzn2.1.1	net-snmp-libs-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux	2	aarch64	net-snmp-agent-libs	< 5.7.2-49.amzn2.1.1	net-snmp-agent-libs-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux	2	aarch64	net-snmp-python	< 5.7.2-49.amzn2.1.1	net-snmp-python-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux	2	aarch64	net-snmp-sysvinit	< 5.7.2-49.amzn2.1.1	net-snmp-sysvinit-5.7.2-49.amzn2.1.1.aarch64.rpm
Amazon Linux	2	aarch64	net-snmp-debuginfo	< 5.7.2-49.amzn2.1.1	net-snmp-debuginfo-5.7.2-49.amzn2.1.1.aarch64.rpm