CVE-2008-2292
Published 2008-05-18
Priority: P3 · 39 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.44% (94.3th percentile)
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | net-snmp | < net-snmp 5.4.1~dfsg-8 (bookworm) | net-snmp 5.4.1~dfsg-8 (bookworm) |
| net-snmp | net-snmp | — | — |
| net-snmp | net-snmp | — | — |
| net-snmp | net-snmp | — | — |
| net-snmp | net-snmp | >= 0 < 5.4.1~dfsg-8 | 5.4.1~dfsg-8 |
| net-snmp | net-snmp | >= 0 < 5.4.1~dfsg-8 | 5.4.1~dfsg-8 |
| net-snmp | net-snmp | >= 0 < 5.4.1~dfsg-8 | 5.4.1~dfsg-8 |
| net-snmp | net-snmp | >= 0 < 5.4.1~dfsg-8 | 5.4.1~dfsg-8 |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 · MEDIUM
vendor_ubuntu · 10.0 · CRITICAL
vendor_debian · 6.8 · MEDIUM
vendor_redhat · 6.8 · MEDIUM
GHSA
GHSA-c59r-cvwm-r87m: Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5
ghsa_unreviewed·2022-05-01
CVE-2008-2292 [MEDIUM] CWE-119 GHSA-c59r-cvwm-r87m: Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5
OSV
CVE-2008-2292: Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5
osv·2008-05-18·CVSS 6.8
CVE-2008-2292 [MEDIUM] CVE-2008-2292: Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5
Ubuntu
Net-SNMP vulnerabilities
vendor_ubuntu·2008-12-03·CVSS 10.0
CVE-2008-0960 [CRITICAL] Net-SNMP vulnerabilities
Wes Hardaker discovered that the SNMP service did not correctly validate
HMAC authentication requests. An unauthenticated remote attacker
could send specially crafted SNMPv3 traffic with a valid username
and gain access to the user's views without a valid authentication
passphrase. (CVE-2008-0960)
John Kortink discovered that the Net-SNMP Perl module did not correctly
check the size of returned values. If a user or automated system were
tricked into querying a malicious SNMP server, the application using
the Perl module could be made to crash, leading to a denial of service.
This did not affect Ubuntu 8.10. (CVE-2008-2292)
It was discovered that the SNMP service did not correctly handle large
GETBULK requests. If an unau
Debian
CVE-2008-2292: net-snmp - Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5...
vendor_debian·2008·CVSS 6.8
CVE-2008-2292 [MEDIUM] CVE-2008-2292: net-snmp - Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5...
Scope: local
bookworm: resolved (fixed in 5.4.1~dfsg-8)
bullseye: resolved (fixed in 5.4.1~dfsg-8)
forky: resolved (fixed in 5.4.1~dfsg-8)
sid: resolved (fixed in 5.4.1~dfsg-8)
trixie: resolved (fixed in 5.4.1~dfsg-8)
Red Hat
net-snmp: buffer overflow in perl module's Perl Module __snprint_value()
vendor_redhat·2007-11-05·CVSS 6.8
CVE-2008-2292 [MEDIUM] net-snmp: buffer overflow in perl module's Perl Module __snprint_value()
No detection rules found.
References
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html
http://secunia.com/advisories/30187
http://secunia.com/advisories/30615
http://secunia.com/advisories/30647
http://secunia.com/advisories/31155
http://secunia.com/advisories/31334
http://secunia.com/advisories/31351
http://secunia.com/advisories/31467
http://secunia.com/advisories/31568
http://secunia.com/advisories/32664
http://secunia.com/advisories/33003
http://security.gentoo.org/glsa/glsa-200808-02.xml
http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1
http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm
http://www.debian.org/security/2008/dsa-1663
http://www.mandriva.com/security/advisories?name=MDVSA-2008:118
http://www.redhat.com/support/errata/RHSA-2008-0529.html
http://www.securityfocus.com/bid/29212
http://www.securitytracker.com/id?1020527
http://www.ubuntu.com/usn/usn-685-1
http://www.vmware.com/security/advisories/VMSA-2008-0013.html
http://www.vupen.com/english/advisories/2008/1528/references
http://www.vupen.com/english/advisories/2008/2141/references
http://www.vupen.com/english/advisories/2008/2361
https://exchange.xforce.ibmcloud.com/vulnerabilities/42430
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html
2008-05-18
Published