CVE-2022-24809

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions net-snmp versions prior to 5.9.2

Description The issue is related to a NULL pointer dereference in the nsVacmAccessTable function. A user with read-only credentials can exploit this by using a malformed OID in a GET-NEXT request to cause the dereference. This can potentially impact data integrity. Users should use strong SNMPv3 credentials, avoid sharing credentials, and consider restricting access to a given IP address range for added protection.

Recommendations For versions prior to 5.9.2, update to version 5.9.2 or later to apply the patch. Use strong SNMPv3 credentials and avoid sharing them. For those who must use SNMPv1 or SNMPv2c, use a complex community string and restrict access to a given IP address range.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2024:7260

BDU:2024-06508

CVE-2022-24809

DLA-3088-1

DSA-5209-1

INFSA-2024_7260

MGASA-2022-0311

OESA-2022-1888

OPENSUSE-SU-2022_4205-1

OPENSUSE-SU-2024:12174-1

RHSA-2024:7260

RHSA-2024:7875

RHSA-2024_7260

RLSA-2024:7260

SUSE-RU-2024:0029-1

SUSE-SU-2022:4205-1

SUSE-SU-2022:4205-2

USN-5543-1

USN-5795-2

Affected Products

Almalinux

Astra Linux

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Net-Snmp

CVE-2022-24809

Weakness Enumeration

Related Identifiers

Affected Products

References · 92