Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-6151Improper Input Validation in Net-snmp

CWE-399CWE-20Improper Input Validation14 documents9 sources
Severity
5.0MEDIUMNVD
NVD4.3OSV4.3
EPSS
27.4%
top 3.57%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Net-snmpDebian Net-snmpApple OS X EL Capitan 10.11.1 Security Update 2015-004 Yosemite AND Security Update 20+2 more
Timeline
PublishedDec 13
Latest updateMay 17

Description

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

debiandebian/net-snmp< net-snmp 5.7.2~dfsg-3 (bookworm)+1
Debiannet-snmp/net-snmp< 5.7.2~dfsg-3+7
NVDnet-snmp/net-snmp5.7.1+20
NVDapple/mac_os_x10.11.0

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.10

🔴Vulnerability Details

4
GHSA
GHSA-mv75-h3qp-gpmf: Net-SNMP 52022-05-17
GHSA
GHSA-7x87-wr85-45rj: The AgentX subagent in Net-SNMP before 52022-05-17
OSV
CVE-2014-2310: The AgentX subagent in Net-SNMP before 52014-04-17
OSV
CVE-2012-6151: Net-SNMP 52013-12-13

💥Exploits & PoCs

1
Exploit-DB
Net-SNMP - SNMPD AgentX Subagent Timeout Denial of Service2012-09-05

📋Vendor Advisories

6
Ubuntu
Net-SNMP vulnerabilities2014-04-14
Red Hat
net-snmp: AgentX incorrectly handles multi-object requests leading to DoS2014-03-06
Debian
CVE-2014-2310: net-snmp - The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a ...2014
Red Hat
net-snmp: snmpd crashes/hangs when AgentX subagent times-out2012-09-05
Debian
CVE-2012-6151: net-snmp - Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and proce...2012

💬Community

1
Bugzilla
CVE-2012-6151 net-snmp: snmpd crashes/hangs when AgentX subagent times-out2013-12-04