CVE-2022-24808

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2103225	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2105240	Third Party Advisory
https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937	Patch
https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775	Patch
https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/	Product
https://security.gentoo.org/glsa/202210-29	Third Party Advisory
https://www.debian.org/security/2022/dsa-5209	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2103225	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2105240	Third Party Advisory
https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937	Patch
https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775	Patch
https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/	Product
https://security.gentoo.org/glsa/202210-29	Third Party Advisory
https://www.debian.org/security/2022/dsa-5209	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:::::::*

History

17 Jan 2025, 16:16

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2103225 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2103225 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2105240 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2105240 - Third Party Advisory
References	~~() https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 -~~	() https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 - Patch
References	~~() https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 -~~	() https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html -~~	() https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html - Third Party Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ - Product
References	~~() https://security.gentoo.org/glsa/202210-29 -~~	() https://security.gentoo.org/glsa/202210-29 - Third Party Advisory
References	~~() https://www.debian.org/security/2022/dsa-5209 -~~	() https://www.debian.org/security/2022/dsa-5209 - Third Party Advisory
First Time		Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux For Power Little Endian Net-snmp net-snmp Redhat enterprise Linux For Ibm Z Systems Fedoraproject Redhat enterprise Linux Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Net-snmp Redhat enterprise Linux Eus Redhat enterprise Linux Server Aus Redhat Debian Debian debian Linux Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux Update Services For Sap Solutions Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server Update Services For Sap Solutions Redhat enterprise Linux For Arm 64 Fedoraproject fedora
CPE		cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:::::::* cpe:2.3:o:fedoraproject:fedora:36:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:::::::* cpe:2.3:a:net-snmp:net-snmp:::::::: cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:::::::*

Information

Published : 2024-04-16 20:15

Updated : 2025-01-17 16:16

NVD link : CVE-2022-24808

Mitre link : CVE-2022-24808

CVE.ORG link : CVE-2022-24808

JSON object : View

Products Affected

debian

debian_linux

fedoraproject

fedora

redhat

enterprise_linux_update_services_for_sap_solutions
enterprise_linux_server_aus
enterprise_linux_for_arm_64
enterprise_linux_for_arm_64_eus
enterprise_linux_for_power_little_endian
enterprise_linux_server_update_services_for_sap_solutions
enterprise_linux_eus
enterprise_linux
enterprise_linux_for_power_little_endian_eus
enterprise_linux_for_ibm_z_systems
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

net-snmp

net-snmp

CWE

CWE-476

NULL Pointer Dereference

6.5 /10