PT-2026-41721 · Lwip · Lwip
0Rbitingzer0
·
Published
2026-05-18
·
Updated
2026-05-20
·
CVE-2026-8836
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
lwIP versions prior to 2.2.2
Description
A stack-based buffer overflow exists in the snmpv3 USM Handler component. A remote attacker can trigger this issue by manipulating the
msgAuthenticationParameters argument within the snmp parse inbound frame() function located in the src/apps/snmp/snmp msg.c file.Recommendations
Install patch 0c957ec03054eb6c8205e9c9d1d05d90ada3898c.
As a temporary workaround, restrict access to the snmpv3 USM Handler component to minimize the risk of exploitation.
Fix
Buffer Overflow
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Lwip