CVE-2022-44792

Name
CVE-2022-44792
Description
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
NVD Severity
medium

References

| Type | URI |
|---|---|
| MISC | https://github.com/net-snmp/net-snmp/issues/474 |
| MISC | https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428 |
| Mailing List | https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html |
| Third Party Advisory | https://security.netapp.com/advisory/ntap-20230223-0011/ |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| `cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*` | net-snmp | >= 5.8 | <= 5.9.3 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| net-snmp | 3.13-main | 5.9.3-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable |
| net-snmp | 3.17-main | 5.9.3-r2 | Carlo Landmeter <clandmeter@alpinelinux.org> | fixed |
| net-snmp | 3.16-main | 5.9.3-r1 | Carlo Landmeter <clandmeter@alpinelinux.org> | fixed |
| net-snmp | 3.15-main | 5.9.3-r1 | Carlo Landmeter <clandmeter@alpinelinux.org> | fixed |
| net-snmp | 3.14-main | 5.9.3-r1 | Carlo Landmeter <clandmeter@alpinelinux.org> | fixed |
| net-snmp | 3.18-main | 5.9.3-r3 | Carlo Landmeter <clandmeter@alpinelinux.org> | fixed |