CVE-2012-2141 — Net-snmp vulnerability

7 documents7 sources

Severity

3.5LOWNVD

EPSS

1.3%

top 20.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Net-snmp Debian Net-snmp

Timeline

PublishedAug 14

Latest updateMay 17

Description

Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/net-snmp< net-snmp 5.4.3~dfsg-2.5 (bookworm)

▶Debiannet-snmp/net-snmp< 5.4.3~dfsg-2.5+3

▶NVDnet-snmp/net-snmp5.7.1

🔴Vulnerability Details

GHSA

GHSA-qx3h-g3gw-6vrx: Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend↗2022-05-17

▶

OSV

CVE-2012-2141: Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend↗2012-08-14

▶

📋Vendor Advisories

Ubuntu

Net-SNMP vulnerability↗2012-05-23

▶

Red Hat

net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)↗2012-04-24

▶

Debian

CVE-2012-2141: net-snmp - Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/...↗2012

▶

💬Community

Bugzilla

CVE-2012-2141 net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)↗2012-04-24

▶