CVE-2007-5846 — Net-snmp vulnerability

CWE-3998 documents8 sources

Severity

7.8HIGHNVD

EPSS

15.4%

top 5.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Net-snmp Debian Net-snmp

Timeline

PublishedNov 6

Latest updateFeb 16

Description

The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/net-snmp< net-snmp 5.4.1~dfsg-1 (bookworm)

▶Debiannet-snmp/net-snmp< 5.4.1~dfsg-1+3

▶NVDnet-snmp/net-snmp5.4.1

Patches

Patch: lists.vmware.com ↗Patch: www.debian.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mfmg-j678-28xm: The SNMP agent (snmp_agent↗2022-05-01

▶

OSV

CVE-2007-5846: The SNMP agent (snmp_agent↗2007-11-06

▶

📋Vendor Advisories

CISA ICS

Siemens SCALANCE X200 IRT↗2023-02-16

▶

Ubuntu

Net-SNMP vulnerability↗2008-01-09

▶

Red Hat

net-snmp remote DoS via udp packet↗2007-05-04

▶

Debian

CVE-2007-5846: net-snmp - The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers t...↗2007

▶

💬Community

Bugzilla

CVE-2007-5846 net-snmp remote DoS via udp packet↗2007-11-02

▶