PT-2012-3833 · Net Snmp+3 · Net-Snmp+3

Sergio Freire

Published

2012-06-19

Updated

2024-06-15

CVE-2012-2141

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Net-SNMP version 5.7.1

Description The issue is related to an array index error in the handle nsExtendOutput2Table function. This error can be triggered by remote authenticated users through an SNMP GET request for a non-existent entry in the extension table, leading to a denial of service due to an out-of-bounds read and subsequent snmpd crash.

Recommendations For Net-SNMP version 5.7.1, consider restricting access to the handle nsExtendOutput2Table function until a patch is available. As a temporary workaround, avoid using the SNMP GET request for entries not in the extension table to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CESA-2012_0876

CVE-2012-2141

OPENSUSE-SU-2024:10204-1

RHSA-2012:0876

RHSA-2012_0876

RHSA-2013:0124

RHSA-2013_0124

SUSE-SU-2012_0887-1

SUSE-SU-2012_0888-1

Affected Products

Centos

Net-Snmp

Red Hat

Suse

PT-2012-3833 · Net Snmp+3 · Net-Snmp+3

CVE-2012-2141

Related Identifiers

Affected Products

References · 42