CVE-2022-44792NULL Pointer Dereference in Net-snmp

CWE-476NULL Pointer Dereference11 documents9 sources
Severity
6.5MEDIUMNVD
EPSS
2.3%
top 15.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Net-snmpDebian Net-snmpDebian Linux+4 more
Timeline
PublishedNov 7
Latest updateSep 4

Description

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

debiandebian/net-snmp< net-snmp 5.9.3+dfsg-2 (bookworm)
Debiannet-snmp/net-snmp< 5.9+dfsg-4+deb11u2+3
NVDnet-snmp/net-snmp5.85.9.3

Also affects: Debian Linux 10.0

🔴Vulnerability Details

2
GHSA
GHSA-pccv-xjc7-m5qv: handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars2022-11-07
OSV
CVE-2022-44792: handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars2022-11-07

📋Vendor Advisories

8
Palo Alto
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-09-04
CISA ICS
Siemens SIMATIC and SIPLUS2024-06-13
CISA ICS
Siemens SIMATIC MV5002023-11-16
Ubuntu
Net-SNMP vulnerabilities2023-01-16
Ubuntu
Net-SNMP vulnerabilities2023-01-09