CVE-2022-24810

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
Configurations

No configuration.

History

21 Nov 2024, 06:51

Type | Values Removed | Values Added
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2103225 - | () https://bugzilla.redhat.com/show_bug.cgi?id=2103225 -
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2105241 - | () https://bugzilla.redhat.com/show_bug.cgi?id=2105241 -
References | () https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 - | () https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 -
References | () https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html - | () https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html -
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ - | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ -
References | () https://security.gentoo.org/glsa/202210-29 - | () https://security.gentoo.org/glsa/202210-29 -
References | () https://www.debian.org/security/2022/dsa-5209 - | () https://www.debian.org/security/2022/dsa-5209 -

17 Apr 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) net-snmp provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing them. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

16 Apr 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-16 20:15

Updated : 2024-11-21 06:51


NVD link : CVE-2022-24810

Mitre link : CVE-2022-24810

CVE.ORG link : CVE-2022-24810


Products Affected

No product.

CWE
CWE-476

NULL Pointer Dereference