Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-44792

Published: 7 November 2022

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
net-snmp
Launchpad, Ubuntu, Debian
bionic
Released (5.7.3+dfsg-1.8ubuntu3.8)
focal
Released (5.8+dfsg-2ubuntu2.6)
jammy
Released (5.9.1+dfsg-1ubuntu2.4)
kinetic
Released (5.9.3+dfsg-1ubuntu1.2)
trusty
Released (5.7.2~dfsg-8.1ubuntu3.3+esm3)
upstream Needs triage

xenial
Released (5.7.3+dfsg-1ubuntu4.6+esm1)
Patches:
upstream: https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57