CVE-2022-44793

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Net-SNMP versions 5.4.3 through 5.9.3

Description The issue is related to a NULL Pointer Exception bug in the handle ipv6IpForwarding() function. This bug can be exploited by a remote attacker using a specially crafted UDP packet, resulting in a Denial of Service. The exploitation allows the attacker to cause the instance to crash.

Recommendations For Net-SNMP versions 5.4.3 through 5.9.3, consider disabling the handle ipv6IpForwarding() function as a temporary workaround until a patch is available. Restrict access to the agent/mibgroup/ip-mib/ip scalars.c module to minimize the risk of exploitation. Avoid using the vulnerable function in the affected Net-SNMP versions until the issue is resolved.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2023:2444

ALSA-2023:2969

AZL-11386

AZL-41810

BDU:2024-06511

CESA-2023_2969

CVE-2022-44793

DLA-3270-1

DLA-4381-1

MGASA-2023-0015

OESA-2023-1010

OPENSUSE-SU-2023_0075-1

OPENSUSE-SU-2024:12598-1

RHSA-2023:2444

RHSA-2023:2969

RHSA-2023_2444

RHSA-2023_2969

ROSA-SA-2024-2473

SUSE-SU-2023:0068-1

SUSE-SU-2023:0075-1

USN-5795-1

USN-5795-2

Affected Products

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Net-Snmp

Red Hat

Red Os

Suse

Ubuntu

CVE-2022-44793

Weakness Enumeration

Related Identifiers

Affected Products

References · 66