Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2292 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Net-snmp

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

15.2%

top 5.37%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Net-snmp Debian Net-snmp

Timeline

PublishedMay 18

Latest updateMay 1

Description

Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/net-snmp< net-snmp 5.4.1~dfsg-8 (bookworm)

▶Debiannet-snmp/net-snmp< 5.4.1~dfsg-8+3

▶NVDnet-snmp/net-snmp5.1.4, 5.2.4, 5.4.1+2

🔴Vulnerability Details

GHSA

GHSA-c59r-cvwm-r87m: Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5↗2022-05-01

▶

OSV

CVE-2008-2292: Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5↗2008-05-18

▶

💥Exploits & PoCs

Exploit-DB

Net-SNMP 5.1.4/5.2.4/5.4.1 Perl Module - Buffer Overflow (PoC)↗2008-11-12

▶

📋Vendor Advisories

Ubuntu

Net-SNMP vulnerabilities↗2008-12-03

▶

Debian

CVE-2008-2292: net-snmp - Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5...↗2008

▶

Red Hat

net-snmp: buffer overflow in perl module's Perl Module __snprint_value()↗2007-11-05

▶

💬Community

Bugzilla

CVE-2008-2292 net-snmp: buffer overflow in perl module's Perl Module __snprint_value()↗2008-05-19

▶