handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
6.5
EPSS Score
0.49%
Published
2022-11-07
Updated
2023-03-28
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
6.5
EPSS Score
0.49%
Published
2022-11-07
Updated
2023-03-28
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
Max CVSS
7.8
EPSS Score
0.05%
Published
2020-08-20
Updated
2023-11-22
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
Max CVSS
7.8
EPSS Score
0.05%
Published
2020-08-20
Updated
2022-12-03
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
Max CVSS
6.5
EPSS Score
0.43%
Published
2020-06-25
Updated
2022-09-02
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
Max CVSS
9.8
EPSS Score
82.26%
Published
2018-03-07
Updated
2020-08-24
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
7.5
EPSS Score
0.39%
Published
2018-10-08
Updated
2019-10-16
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
6.5
EPSS Score
0.41%
Published
2018-10-08
Updated
2019-10-16
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
Max CVSS
7.5
EPSS Score
7.03%
Published
2015-08-19
Updated
2018-10-10
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
Max CVSS
6.8
EPSS Score
23.82%
Published
2008-05-18
Updated
2017-09-29
The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
Max CVSS
7.8
EPSS Score
85.07%
Published
2007-11-06
Updated
2018-10-15
Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only access.
Max CVSS
7.5
EPSS Score
0.56%
Published
2006-12-06
Updated
2017-07-29
snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.
Max CVSS
10.0
EPSS Score
9.41%
Published
2005-12-31
Updated
2017-10-11
fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.
Max CVSS
10.0
EPSS Score
0.05%
Published
2005-05-24
Updated
2017-10-11
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
Max CVSS
6.4
EPSS Score
0.35%
Published
2003-12-01
Updated
2017-10-11
15 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!