CVE-2022-24805

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
Configurations

No configuration.

History

21 Nov 2024, 06:51

Type Values Removed Values Added
References () https://bugzilla.redhat.com/show_bug.cgi?id=2103225 - () https://bugzilla.redhat.com/show_bug.cgi?id=2103225 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=2105238 - () https://bugzilla.redhat.com/show_bug.cgi?id=2105238 -
References () https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 - () https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 -
References () https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 - () https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 -
References () https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html - () https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ -
References () https://security.gentoo.org/glsa/202210-29 - () https://security.gentoo.org/glsa/202210-29 -
References () https://www.debian.org/security/2022/dsa-5209 - () https://www.debian.org/security/2022/dsa-5209 -

17 Apr 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) net-snmp proporciona varias herramientas relacionadas con el protocolo simple de administración de red. Antes de la versión 5.9.2, un desbordamiento del búfer en el manejo del `INDEX` de `NET-SNMP-VACM-MIB` puede provocar un acceso a la memoria fuera de los límites. Un usuario con credenciales de sólo lectura puede aprovechar el problema. La versión 5.9.2 contiene un parche. Los usuarios deben utilizar credenciales SNMPv3 seguras y evitar compartirlas. Aquellos que deben utilizar SNMPv1 o SNMPv2c deben utilizar una cadena de comunidad compleja y mejorar la protección restringiendo el acceso a un rango de direcciones IP determinado.

16 Apr 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-16 20:15

Updated : 2024-11-21 06:51


NVD link : CVE-2022-24805

Mitre link : CVE-2022-24805

CVE.ORG link : CVE-2022-24805


JSON object : View

Products Affected

No product.

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')