CVE-2022-24809

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2103225	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2105242	Third Party Advisory
https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775	Patch
https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/	Product
https://security.gentoo.org/glsa/202210-29	Third Party Advisory
https://www.debian.org/security/2022/dsa-5209	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2103225	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2105242	Third Party Advisory
https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775	Patch
https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/	Product
https://security.gentoo.org/glsa/202210-29	Third Party Advisory
https://www.debian.org/security/2022/dsa-5209	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:::::::*

History

17 Jan 2025, 16:17

Type	Values Removed	Values Added
First Time		Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux For Power Little Endian Net-snmp net-snmp Redhat enterprise Linux For Ibm Z Systems Fedoraproject Redhat enterprise Linux Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Net-snmp Redhat enterprise Linux Eus Redhat enterprise Linux Server Aus Redhat Debian Debian debian Linux Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux Update Services For Sap Solutions Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server Update Services For Sap Solutions Redhat enterprise Linux For Arm 64 Fedoraproject fedora
CPE		cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:::::::* cpe:2.3:o:fedoraproject:fedora:36:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:::::::* cpe:2.3:a:net-snmp:net-snmp:::::::: cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:::::::*
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2103225 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2103225 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2105242 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2105242 - Third Party Advisory
References	~~() https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 -~~	() https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html -~~	() https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html - Third Party Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ - Product
References	~~() https://security.gentoo.org/glsa/202210-29 -~~	() https://security.gentoo.org/glsa/202210-29 - Third Party Advisory
References	~~() https://www.debian.org/security/2022/dsa-5209 -~~	() https://www.debian.org/security/2022/dsa-5209 - Third Party Advisory

Information

Published : 2024-04-16 20:15

Updated : 2025-01-17 16:17

NVD link : CVE-2022-24809

Mitre link : CVE-2022-24809

CVE.ORG link : CVE-2022-24809

JSON object : View

Products Affected

debian

debian_linux

fedoraproject

fedora

redhat

enterprise_linux_update_services_for_sap_solutions
enterprise_linux_server_aus
enterprise_linux_for_arm_64
enterprise_linux_for_arm_64_eus
enterprise_linux_for_power_little_endian
enterprise_linux_server_update_services_for_sap_solutions
enterprise_linux_eus
enterprise_linux
enterprise_linux_for_power_little_endian_eus
enterprise_linux_for_ibm_z_systems
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

net-snmp

net-snmp

CWE

CWE-476

NULL Pointer Dereference

6.5 /10