PT-2008-6961 · Net Snmp+1 · Net-Snmp+1
Published: 1970-01-01 · Updated: 2017-09-29 · CVE-2008-2292
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Net-SNMP versions 5.1.4 through 5.4.1
net-snmp-devel-64bit (affected versions not specified)
net-snmp-x86 (affected versions not specified)
net-snmp (affected versions not specified)
net-snmp-64bit (affected versions not specified)
net-snmp-32bit (affected versions not specified)
net-snmp-devel (affected versions not specified)
snmp-mibs (affected versions not specified)
libsnmp15 (affected versions not specified)
Description
The issue involves multiple vulnerabilities in the Net-SNMP package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service or allowing the execution of arbitrary code. The vulnerabilities are related to a buffer overflow in the __snprint_value function in snmp_get, which can be triggered by a large OCTETSTRING in an attribute value pair.
Recommendations
For Net-SNMP versions 5.1.4 through 5.4.1: Update to a version outside of this range to mitigate the risk.
For net-snmp-devel-64bit: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For net-snmp-x86: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For net-snmp: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For net-snmp-64bit: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For net-snmp-32bit: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For net-snmp-devel: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For snmp-mibs: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For libsnmp15: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Buffer Overflow
Improper Authentication
Related Identifiers
Affected Products
Net-Snmp
Red Hat