CVE-2018-18066 — NULL Pointer Dereference in Net-snmp

CWE-476 — NULL Pointer Dereference10 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 30.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Net-snmp Netapp E-series Santricity OS Controller

Timeline

PublishedOct 8

Latest updateAug 22

Description

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDnet-snmp/net-snmp< 5.8

▶Debiannet-snmp/net-snmp< 5.7.3+dfsg-1.1+3

▶NVDnetapp/e-series_santricity_os_controller11.0 — 11.5

Patches

Patch: dumpco.re ↗Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-9mpr-24m6-767p: snmp_oid_compare in snmplib/snmp_api↗2022-05-13

▶

CVEList

CVE-2018-18066: snmp_oid_compare in snmplib/snmp_api↗2018-10-08

▶

OSV

CVE-2018-18066: snmp_oid_compare in snmplib/snmp_api↗2018-10-08

▶

📋Vendor Advisories

CISA ICS

Hitachi Energy AFF66x↗2023-08-22

▶

Debian

CVE-2018-18066: net-snmp - snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer...↗2018

▶

Red Hat

net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service↗2015-10-06

▶

💬Community

Bugzilla

CVE-2018-18065 CVE-2018-18066 net-snmp: various flaws [fedora-all]↗2018-10-09

▶

Bugzilla

CVE-2018-18065 net-snmp: NULL pointer exception in _set_key in agent/helpers/table_container.c resulting in a denial of service↗2018-10-09

▶

Bugzilla

CVE-2018-18066 net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service↗2018-10-09

▶