SB2023011024 - Multiple vulnerabilities in Net-snmp
Published: January 10, 2023 Updated: May 1, 2023
Description
This security bulletin contains information about 2 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2022-44793)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the handle_ipv6IpForwarding() function in agent/mibgroup/ip-mib/ip_scalars.c. A remote attacker can send specially crafted UDP packets to the application and perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2022-44792)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the handle_ipDefaultTTL() function in agent/mibgroup/ip-mib/ip_scalars.c. A remote non-authenticated attacker can send specially crafted UDP packets to the application and perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://github.com/net-snmp/net-snmp/issues/475
- https://gist.github.com/menglong2234/d07a65b5028145c9f4e1d1db8c4c202f
- https://github.com/net-snmp/net-snmp/issues/474
- https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428
- https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57