CVE-2022-44792

Published: 7 November 2022

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
net-snmp Launchpad, Ubuntu, Debian	bionic	Released (5.7.3+dfsg-1.8ubuntu3.8)
	focal	Released (5.8+dfsg-2ubuntu2.6)
	jammy	Released (5.9.1+dfsg-1ubuntu2.4)
	kinetic	Released (5.9.3+dfsg-1ubuntu1.2)
	trusty	Released (5.7.2~dfsg-8.1ubuntu3.3+esm3)
	upstream	Needs triage
	xenial	Released (5.7.3+dfsg-1ubuntu4.6+esm1)
	Patches: upstream: https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44792
https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428
https://ubuntu.com/security/notices/USN-5795-1
https://ubuntu.com/security/notices/USN-5795-2
NVD
Launchpad
Debian

Bugs

https://github.com/net-snmp/net-snmp/issues/474
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024020

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›