PT-2022-7450 · Net Snmp+8 · Net-Snmp+8

Nanyu Zhong

Published

2022-07-01

Updated

2025-01-17

CVE-2022-24805

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions net-snmp versions prior to 5.9.2

Description The issue is related to a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB, which can cause an out-of-bounds memory access. A user with read-only credentials can exploit this issue. To enhance protection, users should use strong SNMPv3 credentials, avoid sharing credentials, and consider restricting access to a given IP address range for those using SNMPv1 or SNMPv2c.

Recommendations For versions prior to 5.9.2, update to version 5.9.2 or later to resolve the issue. As a temporary workaround, consider using strong SNMPv3 credentials and avoiding the sharing of credentials. For users who must use SNMPv1 or SNMPv2c, use a complex community string and restrict access to a given IP address range to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-476

Related Identifiers

ALSA-2024:7260

ALSA-2024_7260

BDU:2024-06509

BDU:2024-06510

CVE-2022-24805

DLA-3088-1

DSA-5209-1

INFSA-2024_7260

MGASA-2022-0311

OESA-2022-1888

OPENSUSE-SU-2022_4205-1

OPENSUSE-SU-2024:12174-1

RHSA-2024:7260

RHSA-2024:7875

RHSA-2024_7260

RLSA-2024:7260

SUSE-RU-2024:0029-1

SUSE-SU-2022:4205-1

SUSE-SU-2022:4205-2

USN-5543-1

USN-5795-2

Affected Products

Almalinux

Astra Linux

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Net-Snmp

PT-2022-7450 · Net Snmp+8 · Net-Snmp+8

CVE-2022-24805

Weakness Enumeration

Related Identifiers

Affected Products

References · 98