Debian Net-Snmp vulnerabilities
37 known vulnerabilities affecting debian/net-snmp.
Total CVEs: 37
CISA KEV: 0
Public exploits: 5
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 19, LOW 11
Vulnerabilities
Page 1 of 2
CVE-2025-68615 | CRITICAL | CVSS 9.8 | fixed in net-snmp 5.9.3+dfsg-2+deb12u1 (bookworm) | 2025
net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to a net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.
Scope: local
bookworm: resolved (fixed in 5.9.3+dfsg-2+deb12u1)
bullseye: resolved (fixed in
debian
CVE-2022-24808 | MEDIUM | CVSS 6.5 | fixed in net-snmp 5.9.3+dfsg-1 (bookworm) | 2022
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentia
debian
CVE-2022-44792 | MEDIUM | CVSS 6.5 | fixed in net-snmp 5.9.3+dfsg-2 (bookworm) | 2022
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Scope: local
bookworm: resolved (fixed in 5.9.3+dfsg-2)
bullseye: resolved (fixed in 5.9+dfsg-
debian
CVE-2022-24810 | MEDIUM | CVSS 6.5 | fixed in net-snmp 5.9.3+dfsg-1 (bookworm) | 2022
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must us
debian
CVE-2022-24806 | MEDIUM | CVSS 6.5 | fixed in net-snmp 5.9.3+dfsg-1 (bookworm) | 2022
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing th
debian
CVE-2022-24805 | MEDIUM | CVSS 6.5 | fixed in net-snmp 5.9.3+dfsg-1 (bookworm) | 2022
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid s
debian
CVE-2022-24809 | MEDIUM | CVSS 6.5 | fixed in net-snmp 5.9.3+dfsg-1 (bookworm) | 2022
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who
debian
CVE-2022-24807 | MEDIUM | CVSS 6.5 | fixed in net-snmp 5.9.3+dfsg-1 (bookworm) | 2022
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and
debian
CVE-2022-44793 | MEDIUM | CVSS 6.5 | fixed in net-snmp 5.9.3+dfsg-2 (bookworm) | 2022
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Scope: local
bookworm: resolved (fixed in 5.9.3+dfsg-2)
bullseye: resolved (fixed in 5.9+dfsg-4+deb11u2)
forky:
debian
CVE-2020-15862 | HIGH | CVSS 7.8 | fixed in net-snmp 5.8+dfsg-4 (bookworm) | 2020
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
Scope: local
bookworm: resolved (fixed in 5.8+dfsg-4)
bullseye: resolved (fixed in 5.8+dfsg-4)
forky: resolved (fixed in 5.8+dfsg-4)
sid: resolved (fixed in 5.8+dfsg-4)
trixie: resolved (fixed in 5.8+dfsg-4)
debian
CVE-2020-15861 | HIGH | CVSS 7.8 | fixed in net-snmp 5.8+dfsg-5 (bookworm) | 2020
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
Scope: local
bookworm: resolved (fixed in 5.8+dfsg-5)
bullseye: resolved (fixed in 5.8+dfsg-5)
forky: resolved (fixed in 5.8+dfsg-5)
sid: resolved (fixed in 5.8+dfsg-5)
trixie: resolved (fixed in 5.8+dfsg-5)
debian
CVE-2019-20892 | MEDIUM | CVSS 6.5 | fixed in net-snmp 5.8+dfsg-3 (bookworm) | 2019
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
Scope: local
bookworm: resolved (fixed in 5.8+dfsg-3)
bullseye: resolved (fixed in 5.8+dfsg-3)
forky: res
debian
CVE-2018-1000116 | CRITICAL | CVSS 9.8 | fixed in net-snmp 5.7.3+dfsg-1.1 (bookworm) | 2018
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
Scope: local
bookworm: resolved (fixed in 5.7.3+dfsg-1.1)
bullseye: resolved (fixed in 5.7.3+dfsg-1.1)
forky: resolved (fixed in 5.7.3+dfsg-1.1)
sid: resolved (fixed in 5.7.3+dfsg-1.1)
trixie: resolved (fixed in 5.7.3+dfsg-1.1)
debian
CVE-2018-18066 | HIGH | CVSS 7.5 | fixed in net-snmp 5.7.3+dfsg-1.1 (bookworm) | 2018
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Scope: local
bookworm: resolved (fixed in 5.7.3+dfsg-1.1)
bullseye: resolved (fixed in 5.7.3+dfsg-1.1)
forky: resolved (fixed
debian
CVE-2018-18065 | MEDIUM | CVSS 6.5 | PoC | fixed in net-snmp 5.7.3+dfsg-4 (bookworm) | 2018
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Scope: local
bookworm: resolved (fixed in 5.7.3+dfsg-4)
bullseye: resolved (fixed in 5.7.3+dfsg-4)
forky: resolved (fixed
debian
CVE-2015-5621 | HIGH | CVSS 7.5 | PoC | fixed in net-snmp 5.7.3+dfsg-1.1 (bookworm) | 2015
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
Scope: local
bookworm: resolved (fixed in 5.7.3+dfsg-1.1)
bullseye:
debian
CVE-2015-8100 | LOW | CVSS 2.1 | 2015
The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2014-2310 | MEDIUM | CVSS 4.3 | fixed in net-snmp 5.7.2~dfsg-3 (bookworm) | 2014
The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.
Scope: local
bookworm: resolved (fixed in 5.7.2~dfsg-3)
bullseye: resolved (fixed in 5.7.2~dfsg-3)
forky: resol
debian
CVE-2014-3565 | MEDIUM | CVSS 5.0 | fixed in net-snmp 5.7.2.1~dfsg-7 (bookworm) | 2014
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
Scope: local
bookworm: resolved (fixed in 5.7.2.1~dfsg-
debian
CVE-2014-2284 | MEDIUM | CVSS 5.0 | fixed in net-snmp 5.7.2.1~dfsg-3 (bookworm) | 2014
The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 5.7.2.1~dfsg-3)
bullseye: resolved (fixed in 5.7.2.1~dfsg-3)
forky: resolved (fixed in
debian