CVE-2018-18066

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Configurations

Configuration 1 (hide)

cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid_webscale:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:solidfire_element_os:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:55

Type Values Removed Values Added
References () https://dumpco.re/blog/net-snmp-5.7.3-remote-dos - Exploit, Patch, Third Party Advisory () https://dumpco.re/blog/net-snmp-5.7.3-remote-dos - Exploit, Patch, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20181107-0001/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20181107-0001/ - Third Party Advisory
References () https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/ - Patch, Third Party Advisory () https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/ - Patch, Third Party Advisory
References () https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/ - Patch, Third Party Advisory () https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/ - Patch, Third Party Advisory
References () https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - () https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html -

Information

Published : 2018-10-08 18:29

Updated : 2024-11-21 03:55


NVD link : CVE-2018-18066

Mitre link : CVE-2018-18066

CVE.ORG link : CVE-2018-18066


JSON object : View

Products Affected

netapp

  • cloud_backup
  • solidfire_element_os
  • storagegrid_webscale
  • data_ontap
  • e-series_santricity_os_controller
  • hyper_converged_infrastructure

net-snmp

  • net-snmp
CWE
CWE-476

NULL Pointer Dereference