PT-2022-7451 · Net Snmp+9 · Net-Snmp+9

Menglong2234 · Published 2022-11-06 · Updated 2025-11-25 · CVE-2022-44792

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Net-SNMP versions 5.8 through 5.9.3

Description

The issue is a NULL Pointer Exception bug in the handle_ipDefaultTTL() function. A remote attacker with write access can exploit it to crash the instance via a specially crafted UDP packet, resulting in a Denial of Service.

Recommendations

For Net-SNMP versions 5.8 through 5.9.3, consider disabling the handle_ipDefaultTTL() function as a temporary workaround until a patch is available. Restrict access to the UDP protocol to minimize the risk of exploitation. Avoid using the handle_ipDefaultTTL() function in the affected API endpoint until the issue is resolved.

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2023:2444
ALSA-2023:2969
AZL-11385
AZL-41665
BDU:2024-06510
CESA-2023_2969
CVE-2022-44792
DLA-3270-1
DLA-4381-1
MGASA-2023-0015
OESA-2023-1010
OPENSUSE-SU-2023_0075-1
RHSA-2023:2444
RHSA-2023:2969
RHSA-2023_2444
RHSA-2023_2969
ROSA-SA-2024-2473
SUSE-SU-2023:0068-1
SUSE-SU-2023:0075-1
SUSE-SU-2023_0068-1
SUSE-SU-2023_0075-1
USN-5795-1
USN-5795-2

Affected Products

AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Net-SNMP
Red Hat
RED OS
SUSE
Ubuntu