CVE-2022-24809

Publication date 8 July 2022

Last updated 24 July 2024


Ubuntu priority

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Read the notes from the security team

Status

Package Ubuntu Release Status
net-snmp 22.10 kinetic
Fixed 5.9.1+dfsg-4ubuntu2
22.04 LTS jammy
Fixed 5.9.1+dfsg-1ubuntu2.2
21.10 impish Ignored end of life
20.04 LTS focal
Fixed 5.8+dfsg-2ubuntu2.4
18.04 LTS bionic
Fixed 5.7.3+dfsg-1.8ubuntu3.7
16.04 LTS xenial
14.04 LTS trusty

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Notes


mdeslaur

same commits as CVE-2022-24805

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
net-snmp

References

Related Ubuntu Security Notices (USN)

    • USN-5543-1
    • Net-SNMP vulnerabilities
    • 1 August 2022
    • USN-5795-2
    • Net-SNMP vulnerabilities
    • 16 January 2023

Other references