PT-2008-1081 · Net-Snmp

Josh Bressers · Published 2008-10-31 · Updated 2026-05-28 · CVE-2008-4309

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

net-snmp versions 5.1.2 through 5.3.1
net-snmp-devel versions 5.1.2 through 5.3.1
net-snmp-libs versions 5.1.2 through 5.3.1
net-snmp-utils versions 5.1.2 through 5.3.1
Description

The issue is an integer overflow in the netsnmp_create_subtree_cache function, which can be triggered by a crafted SNMP GETBULK request. The overflow leads to a heap-based buffer overflow and a denial of service (crash). The vulnerability can be exploited remotely, potentially compromising the confidentiality, integrity, and availability of protected information.
Recommendations

For net-snmp versions 5.1.2 through 5.3.1, update to version 5.4.2.1 or later.
For net-snmp-devel versions 5.1.2 through 5.3.1, update to version 5.4.2.1 or later.
For net-snmp-libs versions 5.1.2 through 5.3.1, update to version 5.4.2.1 or later.
For net-snmp-utils versions 5.1.2 through 5.3.1, update to version 5.4.2.1 or later.

As a temporary workaround, consider restricting access to the SNMP service until a patch is available.

Fix · DoS · RCE · Integer Overflow

Related Identifiers

BDU:2015-07437
BDU:2015-07438
BDU:2015-07440
BDU:2015-07441
BDU:2015-07443
BDU:2015-07444
BDU:2015-07446
BDU:2015-07447
BDU:2015-08456
BDU:2015-08457
BDU:2015-08458
BDU:2015-08459
BDU:2015-08460
BDU:2015-08461
BDU:2015-08462
BDU:2015-08463
CVE-2008-4309
DSA-1663-1
OPENSUSE-SU-2024:11082-1
RHSA-2008:0971
RHSA-2008_0971

Affected Products

Red Hat
Net-Snmp
Net-Snmp-Devel
Net-Snmp-Libs
Net-Snmp-Utils