CVE-2009-1887 — Divide By Zero in Net-snmp

CWE-369 — Divide By Zero6 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 27.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Net-snmp Debian Net-snmp

Timeline

PublishedJun 26

Latest updateMay 2

Description

agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/net-snmp

▶NVDnet-snmp/net-snmp5.0.9

Patches

Patch: www.redhat.com ↗Patch: bugzilla.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-cf72-rgjq-hh5r: agent/snmp_agent↗2022-05-02

▶

📋Vendor Advisories

Red Hat

net-snmp: DoS (division by zero) via SNMP GetBulk requests↗2009-06-25

▶

Debian

CVE-2009-1887: net-snmp - agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL)...↗2009

▶

💬Community

Bugzilla

CVE-2009-1887 net-snmp: DoS (division by zero) via SNMP GetBulk requests↗2009-06-19

▶

Bugzilla

CVE-2009-1883 kernel: missing capability check in z90crypt↗2009-06-15

▶