CVE-2022-24805

2024-04-1620:15:00

Debian Security Bug Tracker

security-tracker.debian.org

107

buffer overflow

net-snmp-vacm-mib

out-of-bounds

memory access

unix

6.5 Medium

CVSS3

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.0%

JSON

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

OSVersionArchitecturePackageVersionFilename
Debian12allnet-snmp< 5.9.3+dfsg-1net-snmp_5.9.3+dfsg-1_all.deb
Debian11allnet-snmp< 5.9+dfsg-4+deb11u1net-snmp_5.9+dfsg-4+deb11u1_all.deb
Debian10allnet-snmp< 5.7.3+dfsg-5+deb10u3net-snmp_5.7.3+dfsg-5+deb10u3_all.deb
Debian999allnet-snmp< 5.9.3+dfsg-1net-snmp_5.9.3+dfsg-1_all.deb
Debian13allnet-snmp< 5.9.3+dfsg-1net-snmp_5.9.3+dfsg-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	net-snmp	< 5.9.3+dfsg-1	net-snmp_5.9.3+dfsg-1_all.deb
Debian	11	all	net-snmp	< 5.9+dfsg-4+deb11u1	net-snmp_5.9+dfsg-4+deb11u1_all.deb
Debian	10	all	net-snmp	< 5.7.3+dfsg-5+deb10u3	net-snmp_5.7.3+dfsg-5+deb10u3_all.deb
Debian	999	all	net-snmp	< 5.9.3+dfsg-1	net-snmp_5.9.3+dfsg-1_all.deb
Debian	13	all	net-snmp	< 5.9.3+dfsg-1	net-snmp_5.9.3+dfsg-1_all.deb