CVE-2005-2177 — Improper Input Validation in Net-snmp

CWE-20 — Improper Input Validation14 documents7 sources

Severity

10.0CRITICALNVD

NVD5.0OSV5.0

EPSS

11.1%

top 6.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Net-snmp Debian Net-snmp Sourceforge Net-snmp

Timeline

PublishedJul 11

Latest updateMay 1

Description

Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/net-snmp< net-snmp 5.2.2-1 (bookworm)+1

▶Debiannet-snmp/net-snmp< 5.2.2-1+7

▶NVDsourceforge/net-snmp5.0.9+2

▶NVDnet-snmp/net-snmp14 versions+13

Patches

Patch: sourceforge.net ↗Patch: www.trustix.org ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-cqhx-q2jc-7rj5: Net-SNMP 5↗2022-05-01

▶

GHSA

GHSA-m3xm-f262-69qm: snmp_api↗2022-05-01

▶

OSV

CVE-2005-4837: snmp_api↗2005-12-31

▶

OSV

CVE-2005-2177: Net-SNMP 5↗2005-07-11

▶

📋Vendor Advisories

Ubuntu

ucs-snmp vulnerability↗2005-11-21

▶

Ubuntu

SNMP vulnerability↗2005-09-30

▶

Red Hat

security flaw↗2005-07-01

▶

Red Hat

security flaw↗2005-05-23

▶

Debian

CVE-2005-4837: net-snmp - snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0....↗2005

▶

💬Community

Bugzilla

CVE-2005-4837 security flaw↗2018-08-16

▶

Bugzilla

CVE-2005-2177 security flaw↗2018-08-16

▶