CVE-2022-44793 Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash.

CVE-2018-5602 has been assigned to this issue. It is potentially a critical issue as the software is widely used, running on many devices with many users.

In addition, Net-SNMP 5.7.0 through 5.9.3 has a Memory Corruption Vulnerability that can be used to remotely crash the software via a crafted SNMP request, resulting in Denial of Service. This issue has been assigned the CVE ID CVE-2018-5607.

In addition, Net-SNMP 5.7.0 through 5.9.3 has a Memory Corruption Vulnerability that can be used to remotely crash the software via a crafted SNMP request, resulting in Denial of Service. This issue has been assigned the CVE ID CVE-2018-5609.
These issues have been fixed in 5.10.0.

References

1. https://support.f5.com/kb/en-us/solutions/public/9000/700/sol9970.html
2. https://www.net-snmp.org/about-snmp
3. https://cve.mitre.org

SNMP Vulnerabilities

Net-SNMP is a commonly used utility that allows you to monitor and configure network servers, devices, and the like. The software is widely used, running on many devices with many users. These vulnerabilities can be exploited by attackers to remotely crash the software via a crafted SNMP request.
These issues have been fixed in 5.10.0.

SNMP Protocol Weaknesses

The SNMP protocol has security weaknesses that can be exploited by attackers to remotely crash the software.
SNMPv3 does not provide any authentication, which means it is possible for an attacker to craft a malicious SNMP request and send it to a device. This will result in a Denial of Service condition on the device. The following vulnerabilities have been identified:
For more information see CVE-2018-5607 and CVE-2018-5609.

SNMP versions and platforms supported by Net-SNMP

Net-SNMP is a widely used network management tool that supports many platforms and SNMP versions. The issue with the Memory Corruption Vulnerability, as mentioned above, is due to the Net-SNMP 5.7.0 through 5.9.3 software being vulnerable to memory corruption attacks when sending SNMP requests.

Timeline

Published on: 11/07/2022 03:15:00 UTC
Last modified on: 11/08/2022 04:23:00 UTC

References

• https://github.com/net-snmp/net-snmp/issues/475
• https://gist.github.com/menglong2234/d07a65b5028145c9f4e1d1db8c4c202f
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44793