CVE-2022-24809

Published: Apr 16, 2024Modified: Jan 17, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Affected (23)

Products: Net Snmp: Net Snmp · Fedoraproject: Fedora · Debian: Debian Linux · +1 more

Show all products

Net Snmp: Net Snmp · Fedoraproject: Fedora · Debian: Debian Linux · Redhat: Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64, Enterprise Linux For Arm 64 Eus, Enterprise Linux For Ibm Z Systems, Enterprise Linux For Ibm Z Systems Eus, Enterprise Linux For Power Little Endian, Enterprise Linux For Power Little Endian Eus, Enterprise Linux Server Aus, Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions, Enterprise Linux Server Update Services For Sap Solutions, Enterprise Linux Update Services For Sap Solutions

1 product

1 product

1 product

12 products

Enterprise Linux For Arm 64

Enterprise Linux For Arm 64 Eus

Enterprise Linux For Ibm Z Systems

Enterprise Linux For Ibm Z Systems Eus

Enterprise Linux For Power Little Endian

Enterprise Linux For Power Little Endian Eus

Enterprise Linux Server Aus

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

Enterprise Linux Server Update Services For Sap Solutions

Enterprise Linux Update Services For Sap Solutions

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Net Snmp Net Snmp	Before 5.9.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 36

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0

Configuration D

19 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 9.0
Redhat Enterprise Linux Eus	Version 9.2
Redhat Enterprise Linux Eus	Version 9.4
Redhat Enterprise Linux For Arm 64	Version 9.0
Redhat Enterprise Linux For Arm 64	Version 9.2_aarch64
Redhat Enterprise Linux For Arm 64	Version 9.4_aarch64
Redhat Enterprise Linux For Arm 64 Eus	Version 9.4_aarch64
Redhat Enterprise Linux For Ibm Z Systems	Version 9.0
Redhat Enterprise Linux For Ibm Z Systems	Version 9.2_s390x
Redhat Enterprise Linux For Ibm Z Systems	Version 9.4_s390x
Redhat Enterprise Linux For Ibm Z Systems Eus	Version 9.4_s390x
Redhat Enterprise Linux For Power Little Endian	Version 9.0
Redhat Enterprise Linux For Power Little Endian Eus	Version 9.2_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus	Version 9.4_ppc64le
Redhat Enterprise Linux Server Aus	Version 9.2
Redhat Enterprise Linux Server Aus	Version 9.4
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	Version 9.2_ppc64le
Redhat Enterprise Linux Server Update Services For Sap Solutions	Version 9.2
Redhat Enterprise Linux Update Services For Sap Solutions	Version 9.4