CVE-2008-2292

Published: May 18, 2008Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).

Affected (3)

Products: Net Snmp: Net Snmp

Net Snmp

1 product

Net Snmp

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Net Snmp Net Snmp	Version 5.1.4
Net Snmp Net Snmp	Version 5.2.4
Net Snmp Net Snmp	Version 5.4.1

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (60)

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html

Source: cve@mitre.org

http://secunia.com/advisories/30187

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/30615

Source: cve@mitre.org

http://secunia.com/advisories/30647

Source: cve@mitre.org

http://secunia.com/advisories/31155

Source: cve@mitre.org

http://secunia.com/advisories/31334

Source: cve@mitre.org

http://secunia.com/advisories/31351

Source: cve@mitre.org

http://secunia.com/advisories/31467

Source: cve@mitre.org

http://secunia.com/advisories/31568

Source: cve@mitre.org

http://secunia.com/advisories/32664

Source: cve@mitre.org

http://secunia.com/advisories/33003

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200808-02.xml

Source: cve@mitre.org

http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1663

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2008:118

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2008-0529.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/29212

Source: cve@mitre.org

http://www.securitytracker.com/id?1020527

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-685-1

Source: cve@mitre.org

http://www.vmware.com/security/advisories/VMSA-2008-0013.html

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1528/references

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2141/references

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2361

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/42430

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html