CVE-2002-1170 — Net-snmp vulnerability

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.3%

top 20.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Net-snmp Debian Net-snmp

Timeline

PublishedOct 11

Latest updateApr 30

Description

The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/net-snmp< net-snmp 5.0.6 (bookworm)

▶Debiannet-snmp/net-snmp< 5.0.6+3

▶NVDnet-snmp/net-snmp5.0.1, 5.0.3, 5.0.4_pre2+2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-5j37-qvcv-4rf2: The handle_var_requests function in snmp_agent↗2022-04-30

▶

OSV

CVE-2002-1170: The handle_var_requests function in snmp_agent↗2002-10-11

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-10-02

▶

Debian

CVE-2002-1170: net-snmp - The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-...↗2002

▶

💬Community

Bugzilla

CVE-2002-1170 security flaw↗2018-08-16

▶