CVE-2018-18066

Published: 8 October 2018

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

Notes

Author: mdeslaur
Note: this is a duplicate of CVE-2015-5621 which was fixed in USN-2711-1
  0025-Bug-788964-net-snmp-snmp_pdu_parse-DoS.patch in bionic
  CVE-2015-5621.patch in xenial

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: net-snmp (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Not vulnerable (5.7.3+dfsg-1.8ubuntu3)
precise    Not vulnerable (5.4.3~dfsg-2.4ubuntu1.3)
trusty     Not vulnerable (5.7.2~dfsg-8.1ubuntu3.1)
upstream   Released (5.7.3+dfsg-1.1)
xenial     Not vulnerable (5.7.3+dfsg-1ubuntu1)

Patches:
upstream: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/