Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-18065NULL Pointer Dereference in Net-snmp

CWE-476NULL Pointer Dereference13 documents10 sources
Severity
6.5MEDIUMNVD
EPSS
7.4%
top 8.27%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Net-snmpNetapp E-series Santricity OS ControllerPaloaltonetworks Pan-os+3 more
Timeline
PublishedOct 8
Latest updateMay 13

Description

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

Debiannet-snmp/net-snmp< 5.7.3+dfsg-4+3
NVDpaloaltonetworks/pan-os7.1.238.0.15+2
Palo Altopaloalto/pan-os

Also affects: Debian Linux 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

Patch: dumpco.rePatch: sourceforge.netPatch: www.exploit-db.com

🔴Vulnerability Details

3
GHSA
GHSA-j2x7-g8jc-3475: _set_key in agent/helpers/table_container2022-05-13
OSV
CVE-2018-18065: _set_key in agent/helpers/table_container2018-10-08
CVEList
CVE-2018-18065: _set_key in agent/helpers/table_container2018-10-08

💥Exploits & PoCs

1
Exploit-DB
net-snmp 5.7.3 - (Authenticated) Denial of Service (PoC)2018-10-08

📋Vendor Advisories

6
Palo Alto
Denial of Service in PAN-OS Management Interface2019-03-20
Ubuntu
Net-SNMP vulnerability2018-10-22
Ubuntu
Net-SNMP vulnerability2018-10-16
Ubuntu
Net-SNMP vulnerability2018-10-15
Debian
CVE-2018-18065: net-snmp - _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Po...2018

💬Community

2
Bugzilla
CVE-2018-18065 CVE-2018-18066 net-snmp: various flaws [fedora-all]2018-10-09
Bugzilla
CVE-2018-18065 net-snmp: NULL pointer exception in _set_key in agent/helpers/table_container.c resulting in a denial of service2018-10-09
CVE-2018-18065 — NULL Pointer Dereference in Net-snmp | cvebase