CVE-2022-44793 — NULL Pointer Dereference in Net-snmp

CWE-476 — NULL Pointer Dereference11 documents9 sources

Severity

6.5MEDIUMNVD

EPSS

1.7%

top 17.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Net-snmp Debian Net-snmp Debian Linux +4 more

Timeline

PublishedNov 7

Latest updateSep 4

Description

handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

▶debiandebian/net-snmp< net-snmp 5.9.3+dfsg-2 (bookworm)

▶Debiannet-snmp/net-snmp< 5.9+dfsg-4+deb11u2+3

▶NVDnet-snmp/net-snmp5.4.3 — 5.9.3

▶msrcmsrc/cm1_net-snmp_5.9-4_on_cbl_mariner_1.0

▶msrcmsrc/azl3_net-snmp_5.9.4-1_on_azure_linux_3.0

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

CVE-2022-44793: handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars↗2022-11-07

▶

GHSA

GHSA-gg4c-vq6j-h4hr: handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars↗2022-11-07

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-09-04

▶

CISA ICS

Siemens SIMATIC and SIPLUS↗2024-06-13

▶

CISA ICS

Siemens SIMATIC MV500↗2023-11-16

▶

Ubuntu

Net-SNMP vulnerabilities↗2023-01-16

▶

Ubuntu

Net-SNMP vulnerabilities↗2023-01-09

▶