CVE-2022-24807

16.04.2024, 20:15

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
GitHub_M	CNA	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 58%

Vendor	Product	Version
net-snmp	net-snmp	𝑥 < 5.9.2
debian	debian_linux	10.0
debian	debian_linux	11.0
redhat	enterprise_linux	9.0
redhat	enterprise_linux_eus	9.2
redhat	enterprise_linux_eus	9.4
redhat	enterprise_linux_for_arm_64	9.0
redhat	enterprise_linux_for_arm_64	9.2_aarch64:_aarch64
redhat	enterprise_linux_for_arm_64	9.4_aarch64:_aarch64
redhat	enterprise_linux_for_arm_64_eus	9.4_aarch64:_aarch64
redhat	enterprise_linux_for_ibm_z_systems	9.0
redhat	enterprise_linux_for_ibm_z_systems	9.2_s390x:_s390x
redhat	enterprise_linux_for_ibm_z_systems	9.4_s390x:_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	9.4_s390x:_s390x
redhat	enterprise_linux_for_power_little_endian	9.0
redhat	enterprise_linux_for_power_little_endian_eus	9.2_ppc64le:_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	9.4_ppc64le:_ppc64le
redhat	enterprise_linux_server_aus	9.2
redhat	enterprise_linux_server_aus	9.4
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.2_ppc64le:_ppc64le
redhat	enterprise_linux_server_update_services_for_sap_solutions	9.2
redhat	enterprise_linux_update_services_for_sap_solutions	9.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

net-snmp

bullseye (security)	5.9+dfsg-4+deb11u1 fixed
bullseye	5.9+dfsg-4+deb11u1 fixed
bookworm	5.9.3+dfsg-2 fixed
sid	5.9.4+dfsg-1.1 fixed
trixie	5.9.4+dfsg-1.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

net-snmp

kinetic	Fixed 5.9.1+dfsg-4ubuntu2 released
jammy	Fixed 5.9.1+dfsg-1ubuntu2.2 released
impish	ignored
focal	Fixed 5.8+dfsg-2ubuntu2.4 released
bionic	Fixed 5.7.3+dfsg-1.8ubuntu3.7 released
xenial	Fixed 5.7.3+dfsg-1ubuntu4.6+esm1 released
trusty	Fixed 5.7.2~dfsg-8.1ubuntu3.3+esm3 released

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2103225

https://bugzilla.redhat.com/show_bug.cgi?id=2105239

https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937

https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775

https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/

https://security.gentoo.org/glsa/202210-29

https://www.debian.org/security/2022/dsa-5209