CVE-2005-4837 — Net-snmp vulnerability

7 documents7 sources

Severity

10.0CRITICALNVD

OSV5.0

EPSS

3.8%

top 11.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Net-snmp Debian Net-snmp Sourceforge Net-snmp

Timeline

PublishedDec 31

Latest updateMay 1

Description

snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶debiandebian/net-snmp< net-snmp 5.2.2-1 (bookworm)

▶Debiannet-snmp/net-snmp< 5.2.2-1+3

▶NVDsourceforge/net-snmp5.0.9+2

▶NVDnet-snmp/net-snmp11 versions+10

🔴Vulnerability Details

GHSA

GHSA-m3xm-f262-69qm: snmp_api↗2022-05-01

▶

OSV

CVE-2005-4837: snmp_api↗2005-12-31

▶

📋Vendor Advisories

Ubuntu

net-snmp vulnerability↗2007-05-02

▶

Red Hat

security flaw↗2005-05-23

▶

Debian

CVE-2005-4837: net-snmp - snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0....↗2005

▶

💬Community

Bugzilla

CVE-2005-4837 security flaw↗2018-08-16

▶