CVE-2022-24808

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2103225	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2105240	Third Party Advisory
https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937	Patch
https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775	Patch
https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/	Product
https://security.gentoo.org/glsa/202210-29	Third Party Advisory
https://www.debian.org/security/2022/dsa-5209	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2103225	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2105240	Third Party Advisory
https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937	Patch
https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775	Patch
https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/	Product
https://security.gentoo.org/glsa/202210-29	Third Party Advisory
https://www.debian.org/security/2022/dsa-5209	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:::::::*

History

17 Jan 2025, 16:16

Type	Values Removed	Values Added
CPE		cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:a:net-snmp:net-snmp:::::::: cpe:2.3:o:fedoraproject:fedora:36:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:::::::*
First Time		Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux Update Services For Sap Solutions Redhat enterprise Linux Server Aus Debian Redhat enterprise Linux Redhat enterprise Linux Server Update Services For Sap Solutions Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux For Arm 64 Fedoraproject fedora Redhat Net-snmp net-snmp Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Ibm Z Systems Eus Net-snmp Debian debian Linux Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Fedoraproject Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux Eus
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2103225 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2103225 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2105240 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2105240 - Third Party Advisory
References	~~() https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 -~~	() https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 - Patch
References	~~() https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 -~~	() https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html -~~	() https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html - Third Party Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ - Product
References	~~() https://security.gentoo.org/glsa/202210-29 -~~	() https://security.gentoo.org/glsa/202210-29 - Third Party Advisory
References	~~() https://www.debian.org/security/2022/dsa-5209 -~~	() https://www.debian.org/security/2022/dsa-5209 - Third Party Advisory

21 Nov 2024, 06:51

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2103225 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2103225 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2105240 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2105240 -
References	~~() https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 -~~	() https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 -
References	~~() https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 -~~	() https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 -
References	~~() https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html -~~	() https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ -
References	~~() https://security.gentoo.org/glsa/202210-29 -~~	() https://security.gentoo.org/glsa/202210-29 -
References	~~() https://www.debian.org/security/2022/dsa-5209 -~~	() https://www.debian.org/security/2022/dsa-5209 -

17 Apr 2024, 12:48

Type	Values Removed	Values Added
Summary		(es) net-snmp proporciona varias herramientas relacionadas con el protocolo simple de administración de red. Antes de la versión 5.9.2, un usuario con credenciales de lectura y escritura podía utilizar un OID con formato incorrecto en una solicitud `SET` a `NET-SNMP-AGENT-MIB::nsLogTable` para provocar una desreferencia del puntero NULL. La versión 5.9.2 contiene un parche. Los usuarios deben utilizar credenciales SNMPv3 seguras y evitar compartirlas. Aquellos que deben utilizar SNMPv1 o SNMPv2c deben utilizar una cadena de comunidad compleja y mejorar la protección restringiendo el acceso a un rango de direcciones IP determinado.

16 Apr 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-16 20:15

Updated : 2025-01-17 16:16

NVD link : CVE-2022-24808

Mitre link : CVE-2022-24808

CVE.ORG link : CVE-2022-24808

JSON object : View

Products Affected

fedoraproject

fedora

redhat

enterprise_linux
enterprise_linux_update_services_for_sap_solutions
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_for_ibm_z_systems
enterprise_linux_for_arm_64_eus
enterprise_linux_for_power_little_endian_eus
enterprise_linux_for_power_little_endian
enterprise_linux_server_aus
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
enterprise_linux_server_update_services_for_sap_solutions
enterprise_linux_eus
enterprise_linux_for_arm_64

net-snmp

net-snmp

debian

debian_linux

CWE

CWE-476

NULL Pointer Dereference

6.5 /10