cbcvebase.
CVE-2022-44793
published 2022-11-07

CVE-2022-44793: handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote…

PriorityP345medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
EPSS
53.46%
98.9th percentile
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

Affected

11 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debiannet-snmp< net-snmp 5.9.3+dfsg-2 (bookworm)net-snmp 5.9.3+dfsg-2 (bookworm)
msrcazl3_net-snmp_5.9.4-1_on_azure_linux_3.0
msrccbl2_net-snmp_5.9.4-1_on_cbl_mariner_2.0
msrccm1_net-snmp_5.9-4_on_cbl_mariner_1.0
net-snmpnet-snmp>= 0 < 5.9+dfsg-4+deb11u25.9+dfsg-4+deb11u2
net-snmpnet-snmp>= 0 < 5.9.3+dfsg-25.9.3+dfsg-2
net-snmpnet-snmp>= 0 < 5.9.3+dfsg-25.9.3+dfsg-2
net-snmpnet-snmp>= 0 < 5.9.3+dfsg-25.9.3+dfsg-2
net-snmpnet-snmp5.4.3 – 5.9.3
paloaltopan-os

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerable code path is in handle_ipv6IpForwarding within agent/mibgroup/ip-mib/ip_scalars.c — monitor for SNMP agent crashes originating from this function
  • Attack vector is a crafted UDP packet targeting the SNMP agent; monitor for unexpected UDP traffic to SNMP ports (161/UDP) that causes process crashes
  • ·Affected versions are Net-SNMP 5.4.3 through 5.9.3; the NULL Pointer Exception is triggered specifically via the IPv6 IP forwarding MIB handler, so deployments with IPv6 SNMP MIB access exposed are at higher risk
  • ·Debian fixed this in 5.9.3+dfsg-2 (bookworm/sid/trixie/forky) and 5.9+dfsg-4+deb11u2 (bullseye); ensure patched package versions are deployed

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv6.5MEDIUM
vendor_debian6.5MEDIUM
vendor_msrc6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.